NEWS FROM THE LAB - Sunday, September 10, 2006

Warezov / Stration being spammed

Posted by Mikko @ 14:15 GMT

We are currently publishing an update for new Warezov / Stration variants that have been spammed within the last two hours. We will block this malware as either Email-Worm.Win32.Warezov.q or Email-Worm.Win32.Warezov.r.

The worm sends itself in a variety of e-mails. Here's one example:

[Image: Warezov Example]

This Warezov variant downloads additional components from yuhadefunjinsa.com/[removed]/lt.exe. Admins might want to monitor traffic to that domain from their network.
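One way to do that monitoring from proxy logs, as an added example that is not part of the original post: the script below reports which internal clients contacted the domain and whether they requested lt.exe. It assumes Squid's native access.log format; the sample log lines, client addresses and the PLACEHOLDER path segment are constructed, since the post elides the real path.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Download domain and file name given in the post; the path between them is elided there.
WATCH_DOMAIN = "yuhadefunjinsa.com"
PAYLOAD_NAME = "lt.exe"

# Constructed sample lines in Squid's native access.log format (assumed format).
SAMPLE_LOG = """\
1157897700.123    210 10.0.0.15 TCP_MISS/200 48211 GET http://yuhadefunjinsa.com/PLACEHOLDER/lt.exe - DIRECT/192.0.2.10 application/octet-stream
1157897710.456     95 10.0.0.22 TCP_MISS/200 1024 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1157897720.789    130 10.0.0.15 TCP_MISS/404 312 GET http://WWW.Yuhadefunjinsa.com./favicon.ico - DIRECT/192.0.2.10 text/html
1157897730.000     80 10.0.0.31 TCP_MISS/200 900 GET http://notyuhadefunjinsa.com/lt.exe - DIRECT/192.0.2.30 text/html
1157897740.000     60 10.0.0.40 TCP_MISS/200 0 CONNECT yuhadefunjinsa.com:443 - DIRECT/192.0.2.10 -
1157897750.000     70 10.0.0.41 TCP_MISS/200 700 GET http://yuhadefunjinsa.com.example.org/ - DIRECT/192.0.2.40 text/html
"""

def host_of(url):
    """Return the lower-cased host of a logged URL or CONNECT host:port."""
    if "://" not in url:
        url = "//" + url          # CONNECT entries log only host:port
    return (urlsplit(url).hostname or "").rstrip(".")

def is_watched(host):
    """True for the domain itself or any subdomain, not look-alike names."""
    return host == WATCH_DOMAIN or host.endswith("." + WATCH_DOMAIN)

def find_hits(lines):
    """Map client IP -> list of (timestamp, url, payload_request) for watched traffic."""
    hits = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue              # skip truncated or malformed lines
        ts, client, url = fields[0], fields[2], fields[6]
        if is_watched(host_of(url)):
            path = urlsplit(url).path if "://" in url else ""
            payload = path.lower().endswith("/" + PAYLOAD_NAME)
            hits[client].append((ts, url, payload))
    return dict(hits)

if __name__ == "__main__":
    for client, events in find_hits(SAMPLE_LOG.splitlines()).items():
        for ts, url, payload in events:
            print(client, ts, url, "PAYLOAD" if payload else "contact")
```

A client that shows a payload request is the stronger sign of infection; a bare contact or CONNECT entry still merits a look at that host.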

When the malware has infected the system, it displays this reassuring message to the user:

[Image: Warezov Message]