Is Warezov a security concern?

Warezov, also known as Stration and Stratio, is a widespread scourge, already infecting hundreds of thousands of systems. In this SearchSecurity.com Q&A, information security threats expert Ed Skoudis reveals the dangerous capabilities that separate this type of malware from the rest.

I recently read an article regarding a new type of malware called "Warezov." From what I've read, it's prevalent in spam. Can you please provide an explanation of what Warezov is, if it's truly a security concern and what measures we enterprise infosec folk can take to protect against it?

Warezov, also known as Stration and Stratio, is indeed a widespread scourge, having more than 300 variations so far and infecting hundreds of thousands of systems. For infection to occur, Warezov requires users to run an email attachment; the malware then spreads via the mass emails from infected systems. In that regard, Warezov is pretty common.

What makes Warezov more interesting, however, is its update capability. Warezov is a form of metamorphic code. The malware can update itself every 30 minutes, pulling new functions from a series of Web servers that the attackers have located. It evolves its functionality on a regular basis. When its creators upload another stage of Warezov on the Internet, hundreds of thousands of infected hosts will pick up the new module and run it. The elements of Warezov that we have captured so far don't have any malicious payload functionality; they just continually look for their new stages to be loaded. As of this writing, it is not yet clear what the attackers plan to do with their compromised hosts. A subsequent malicious module has not yet been captured in the wild, so we will have to wait and see what other functionalities may soon exist. The attackers might be preparing to distribute a bot. They can then create a botnet that causes denial-of-service floods, keystroke logging or other nastiness.

As for defending against such malware, make sure you have a widely deployed antivirus and antispyware infrastructure, and update it on a daily basis. Also, filter unwanted attachments at your border mail servers and educate your users not to open email attachments.
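The border-mail attachment filtering recommended above can be implemented with the standard library alone. The following is an added example, not code from the original Q&A or from SearchSecurity or Ed Skoudis: it parses a raw message, walks its MIME parts and flags any attachment whose extension is executable, whose name hides an executable behind a double extension (the "report.txt.exe" pattern), or whose bytes start with the Windows PE "MZ" header regardless of what the file is called. The blocked-extension set, the `build_sample` helper and the addresses it uses are constructed for illustration, not taken from any real Warezov sample.

```python
"""Border-mail attachment filter: flag messages carrying executable attachments.

Added example (not from the original Q&A). Walks the MIME parts of a message
and reports attachments that a border mail server should not let through.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions that a mail gateway should normally block outright.
# Constructed list for this example; tune it to your environment.
BLOCKED_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta", "cpl",
}


def attachment_findings(raw_message: bytes) -> list:
    """Return (filename, reason) tuples for every attachment that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container part, nothing to inspect
        filename = part.get_filename()
        if not filename:
            continue  # inline body text, not an attachment
        payload = part.get_payload(decode=True) or b""
        pieces = filename.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in BLOCKED_EXTENSIONS:
            # "invoice.exe" is a plain executable; "report.txt.exe" hides one
            # behind a harmless-looking inner extension.
            reason = "executable extension" if len(pieces) == 2 else "disguised double extension"
            findings.append((filename, reason))
        elif payload[:2] == b"MZ":
            # Content check: a PE binary renamed to something innocuous.
            findings.append((filename, "PE header with non-executable name"))
    return findings


def should_quarantine(raw_message: bytes) -> bool:
    """Gateway decision: quarantine the message if any attachment was flagged."""
    return bool(attachment_findings(raw_message))


def build_sample(filename: str, content: bytes) -> bytes:
    """Construct a test message with one attachment (sample data, not real malware)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"      # constructed address
    msg["To"] = "user@example.test"          # constructed address
    msg["Subject"] = "Mail server report"
    msg.set_content("See attached report.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, data in [("invoice.exe", b"MZ\x90\x00stub"),
                       ("report.txt.exe", b"MZ\x90\x00stub"),
                       ("notes.txt", b"MZ\x90\x00stub"),
                       ("notes.txt", b"plain text report")]:
        raw = build_sample(name, data)
        print(name, "->", attachment_findings(raw) or "clean")
```

The extension check alone would miss a renamed binary, and the "MZ" check alone would miss script attachments such as `.vbs` or `.js`, so the two are combined; a production gateway would also open archive attachments and apply the same checks to their contents.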

More information:

  • Read more about malware and its ever-evolving nature.
  • Take a look at this year's ten emerging malware trends.

This was last published in February 2007.
