EXPERT RESPONSE
Warezov, also known as Stration and Stratio, is indeed a widespread scourge, having more than 300 variations so far and infecting hundreds of thousands of systems. For infection to occur, Warezov requires users to run an email attachment; the malware then spreads via the mass emails from infected systems. In that regard, Warezov is pretty common.
What makes Warezov more interesting, however, is its update capability. Warezov is a form of metamorphic code. The malware can update itself every 30 minutes, pulling new functions from a series of Web servers that the attackers have located. It evolves its functionality on a regular basis. When its creators upload another stage of Warezov on the Internet, hundreds of thousands of infected hosts will pick up the new module and run it. The elements of Warezov that we have captured so far don't have any malicious payload functionality; they just continually look for their new stages to be loaded. As of this writing, it is not yet clear what the attackers plan to do with their compromised hosts. A subsequent malicious module has not yet been captured in the wild, so we will have to wait and see what other functionalities may soon exist. The attackers might be preparing to distribute a bot. They can then create a botnet that causes denial-of-service floods, keystroke logging or other nastiness.
As for defending against such malware, make sure you have a widely deployed antivirus and antispyware infrastructure, and update it on a daily basis. Also, filter unwanted attachments at your border mail servers and educate your users not to open email attachments.
More information:
Read more about malware and its ever-evolving nature.
Take a look at this year's ten emerging malware trends.
|
