Dr. Strangelove
06-02-2007, 06:34 AM
From SANS NewsBites May 31, 2007 Volume: IX, Issue: 43
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Worm Jumps from Skype to ICQ, MSN (May 24, 2007)
A variant of the Stration worm has moved from Skype to the ICQ and MSN Messenger networks. The variant seeks other instant messaging (IM) clients on infected computers and sends itself out through them. Computers become infected when users click on a provided link and agree to download an executable file. The link will usually be accompanied by a suspiciously bland message, such as "Check this out. Give me your opinion." This appears to be the first time a worm has jumped from Skype to a different network.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9021241&source=NLT_AM&nlid=1
[Editor's Note (Northcutt): The title is a bit misleading, Stration is now trying to infect via ICQ Messenger. The most important thing to know is this has to be a self inflicted injury, you have to double click on the attachment, click on the link etc, Vista users are safer, they have to then type in their password to get infected. In issue 40 we ran a story about a researcher that ran an ad "Drive-By Download. Is your PC virus-free? Get it infected here!" and 409 people clicked on it. There is a very comprehensive analysis of Stration and its many tricks on the Computer Associates site:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=58375]
Doc
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Worm Jumps from Skype to ICQ, MSN (May 24, 2007)
A variant of the Stration worm has moved from Skype to the ICQ and MSN Messenger networks. The variant seeks other instant messaging (IM) clients on infected computers and sends itself out through them. Computers become infected when users click on a provided link and agree to download an executable file. The link will usually be accompanied by a suspiciously bland message, such as "Check this out. Give me your opinion." This appears to be the first time a worm has jumped from Skype to a different network.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9021241&source=NLT_AM&nlid=1
[Editor's Note (Northcutt): The title is a bit misleading, Stration is now trying to infect via ICQ Messenger. The most important thing to know is this has to be a self inflicted injury, you have to double click on the attachment, click on the link etc, Vista users are safer, they have to then type in their password to get infected. In issue 40 we ran a story about a researcher that ran an ad "Drive-By Download. Is your PC virus-free? Get it infected here!" and 409 people clicked on it. There is a very comprehensive analysis of Stration and its many tricks on the Computer Associates site:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=58375]
Doc