Is Warezov a security concern?

Ask the Expert

I recently read an article regarding a new type of malware called "Warezov." From what I've read, it's prevalent in spam. Can you please provide an explanation of what Warezov is, if it's truly a security concern and what measures we enterprise infosec folk can take to protect against it?

Warezov, also known as Stration and Stratio, is indeed a widespread scourge, having more than 300 variations so far and infecting hundreds of thousands of systems. For infection to occur, Warezov requires users to run an email attachment; the malware then spreads via the mass emails from infected systems. In that regard, Warezov is pretty common.

What makes Warezov more interesting, however, is its update capability. Warezov is a form of metamorphic code. The malware can update itself every 30 minutes, pulling new functions from a series of Web servers that the attackers have located. It evolves its functionality on a regular basis. When its creators upload another stage of Warezov on the Internet, hundreds of thousands of infected hosts will pick up the new module and run it. The elements of Warezov that we have captured so far don't have any malicious payload functionality; they just continually look for their new stages to be loaded. As of this writing, it is not yet clear what the attackers plan to do with their compromised hosts. A subsequent malicious module has not yet been captured in the wild, so we will have to wait and see what other functionalities may soon exist. The attackers might be preparing to distribute a bot. They can then create a botnet that causes denial-of-service floods, keystroke logging or other nastiness.

As for defending against such malware, make sure you have a widely deployed antivirus and antispyware infrastructure, and update it on a daily basis. Also, filter unwanted attachments at your border mail servers and educate your users not to open email attachments.
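Added example, not part of the expert's answer above: one way a border mail filter can implement the "filter unwanted attachments" advice, checking both the attachment's declared name and its real content so a renamed executable is still caught. The extension list and the PE-header test are assumed policy choices for the example, and the sample message is constructed inline.

```python
"""Flag mail attachments that a recipient could run by double-clicking.

Illustration of the 'filter unwanted attachments at the border mail server'
advice; the policy below (extension list, PE magic check) is an assumption
for this example, not a Warezov-specific signature.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows executes directly when a user opens them
# (assumed policy list; extend to match your own gateway rules).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
PE_MAGIC = b"MZ"  # DOS/PE executable header


def risky_attachments(raw_message: bytes) -> list:
    """Return the names of attachments that should be stripped or rejected."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        # Check the declared name AND the real content: a renamed binary
        # (e.g. "report.doc") still starts with the PE header.
        if ext in EXECUTABLE_EXTENSIONS or payload.startswith(PE_MAGIC):
            flagged.append(name)
    return flagged


def build_sample_message() -> bytes:
    """Constructed test message: a text body, a fake PE attachment, a note."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Mail Delivery System"
    msg.set_content("See the attached report.")
    # Constructed payload: just the two-byte header padding, not a program.
    fake_pe = PE_MAGIC + b"\x00" * 62
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="report.doc")
    msg.add_attachment("plain notes", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachments(build_sample_message()))  # ['report.doc']
```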

This was first published in February 2007.