In September 2006, the tech world was focused on a reported Windows vulnerability related to the implementation of Vector Markup Language (VML). While programmers raced to fix the VML issue, spammers capitalized on the opportunity.
Using the new bug in the Windows, these viruses infect the computer without being noticed. After the penetrating into the computer the virus harvests all the email addresses and sends the copies of itself to these email addresses.
A message began appearing in inboxes:
“Please install updates for worm elimination and your computer restoring [sic].”
Questionable grammar aside, it’s easy to see how VML-rattled computer users could fall for the message, download its attachments, and unknowingly infect their computers with the Stration worm.
Stration worm proves difficult to stop
Stration, aka Warezov, originated in China, according to DNS records for the URLs advertised by the spam. The URLs were registered under the names of known prolific spammers Wang Pang and Bai Ming.
Initially, security experts thought the virus had no payload, but it did — six hours later. Then, the infected computer would contact a different domain for a new Trojan and start rapidly sending spam advertising pharmaceutical sites.
Aside from a delayed payload, Stration had a chameleon-like quality that made it hard to stop. The worm could download a new version of itself as quickly as every 30 minutes.
Stration confounded experts for months as it spread via email and ICQ, the instant messaging service owned by AOL. Then, in early 2007, Stration made the jump to Skype, where a fake chat message would ask a recipient to click on a link to a compromised site.