検索:
ホーム   »     »   STRATIONS breaks lose!

STRATIONS breaks lose!

  • 投稿日:2006年10月24日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

For a brief amount of time today, TMIRT honeypots were able to receive multiple samples of TROJ_STRAT.DR. In what seems to be another “spiked” attack, TROJ_STRAT.DR was aggressively spammed, recompiled, then spammed again. This methodology resulted in at least 10 variations of the said malware, each one with a different MD5, but with the same behavior.


TROJ_STRAT.DR is a Trojan downloader that copies heavily from its worm brother. The same timing (a few days after MS patch Tuesday), the same e-mail details (pretending to be a patch from MS), and the same file attachment format (UPDATE-KBxxxx-x86).


This trojan downloads WORM_STRAT.DR from the VEDASETIONDERUN.COM domain. Interestingly, the said domain was created only yesterday, October 18, 2006. It seems to be that the domain was created for the sole purpose of hosting downloadable STRAT variants.


OPR 855 was quickly released to protect Trend Micro customers from this malware.

No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.