The malicious code, known as both Warezov and Stration, is similar to an earlier version detected in February, but with a new URL and a new version of the malicious code an alert
The code itself isn't self-propogating but when it runs, the URL is sent to everyone on the user's contact list.
When users click on the link, they are redirected to a site that is hosting a file named file_01.exe. Users are then prompted to run the file and if they do, several other files are downloaded and run. The downloaded files are other versions of the Waresov/Stration malicious code.
Once the Trojan is installed in a system, it tries to connect to a Yahoo Inc. mail server to send an SMTP (Simple Mail Transfer Protocol) message.
However, that server doesn't appear to be operating, according to Websense....
No comments:
Post a Comment