Hey Hey,

I was just about to head off to work when I did one last check of my email… and what do I see but an email with the subject ‘Mail Server Report’… The address doesn’t look familiar, but I’ve received a few of these lately from various mailing list submissions. This was the content of the email I opened:


Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

I’m rather impressed…. these bastards are getting slicker and slicker…. or maybe this has been around for a while and I just don’t pay much attention… Attached to the email was the file Update-KB8375-x86.zip.

I submitted the file to VirusTotal and here’s what I got back:
Complete scanning result of “Update-KB8375-x86.exe”, received in VirusTotal at 09.25.2006, 15:50:55 (CET).
Antivirus 	Version 	Update 	Result
AntiVir 	09.25.2006 	Worm/Stration.C
Authentium 	4.93.8 	09.25.2006 	no virus found
Avast 	4.7.844.0 	09.25.2006 	no virus found
AVG 	386 	09.22.2006 	no virus found
BitDefender 	7.2 	09.25.2006 	DeepScan:Generic.Stration.F614E1C9
CAT-QuickHeal 	8.00 	09.25.2006 	(Suspicious) - DNAScan
ClamAV 	devel-20060426 	09.25.2006 	no virus found
eTrust-InoculateIT 	23.73.4 	09.24.2006 	Win32/Stration.Variant!Worm
eTrust-Vet 	30.3.3098 	09.25.2006 	no virus found
DrWeb 	4.33 	09.22.2006 	no virus found
Ewido 	4.0 	09.25.2006 	no virus found
Fortinet 	09.25.2006 	suspicious
F-Prot 	3.16f 	09.25.2006 	no virus found
F-Prot4 	09.25.2006 	no virus found
Ikarus 	09.25.2006 	no virus found
Kaspersky 	09.25.2006 	no virus found
McAfee 	4858 	09.22.2006 	New Malware.n
Microsoft 	1.1560 	09.24.2006 	no virus found
NOD32v2 	1.1774 	09.25.2006 	a variant of Win32/Stration
Norman 	5.80.02 	09.25.2006 	no virus found
Panda 	09.25.2006 	Suspicious file
Sophos 	4.09.0 	09.25.2006 	W32/Stratio-AN
Symantec 	8.0 	09.25.2006 	no virus found
TheHacker 	09.25.2006 	no virus found
UNA 	1.83 	09.22.2006 	no virus found
VBA32 	3.11.1 	09.25.2006 	no virus found
VirusBuster 	4.3.7:9 	09.25.2006 	Trojan.Opnis.Gen!Pac2
Additional Information
File size: 116144 bytes
MD5: 633f4b2991ebdfd9e1611f4ec841a687
SHA1: bb77b78d54c8319caba19302f25ea72135797e18
It’s great to know that Symantec (one of the more favoured corporate AVs) and AVG (a very popular Free scanner) knew nothing of this virus yet…. If anyone is interested in the file for research or just to play with, let me know


PS, a nicely formatted version of this is available @ http://www.computerdefense.org/?p=111
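
Since most of the scanners above found nothing in the file, a mail filter can instead check the structure of the attachment without relying on signatures. The sketch below is an added example, not part of the original post: it flags a zip whose name imitates a Windows update and which contains an executable. The function names, the extension list and the inert sample archives are assumptions constructed for illustration.

```python
import io
import os
import re
import zipfile

# Extensions Windows runs directly on double-click (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Names that imitate a Microsoft patch, e.g. "Update-KB8375-x86.zip".
FAKE_UPDATE_RE = re.compile(r"\bkb\d{3,7}\b", re.IGNORECASE)


def inspect_zip_attachment(filename, data):
    """Return a list of reasons to quarantine a zip mail attachment."""
    reasons = []
    if FAKE_UPDATE_RE.search(filename):
        reasons.append(f"attachment name imitates a Windows update: {filename}")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons + ["attachment is not a readable zip archive"]
    with archive:
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                reasons.append(f"encrypted member cannot be scanned: {info.filename}")
            if ext in EXECUTABLE_EXTS:
                reasons.append(f"executable inside archive: {info.filename}")
    return reasons


def build_sample_zip(member_name, payload=b"constructed placeholder bytes"):
    """Build an in-memory zip for the demo; the payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in for the attachment described in the post.
    lure = build_sample_zip("Update-KB8375-x86.exe")
    for reason in inspect_zip_attachment("Update-KB8375-x86.zip", lure):
        print("QUARANTINE:", reason)
    # Constructed benign attachment: no reasons expected.
    print(inspect_zip_attachment("minutes.zip", build_sample_zip("minutes.txt")))
```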