Aliases: W32/STAVRON

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 31 Mar 2006
Damage: Medium

Characteristics: W32.Stavron.A infects Windows systems and also spreads through network shares. When it is run, the worm drops a program into the Windows system folder. It renames folders on the hard disk and overwrites the files it finds in certain folders with junk data. While it copies itself, the worm also searches for accessible network shares and copies itself to them.

More details about W32.Stavron.A

This worm arrives as spam e-mail carrying a single file attachment; opening the attachment launches the worm. The program installs silently, without asking for the user's approval, and sets itself to run each time the computer starts. W32.Stavron.A harvests e-mail addresses from the infected computer and mails copies of itself to those addresses as a means of propagation. It also spreads to other machines that share a network with the infected system. To do so it takes advantage of unpatched security flaws and system vulnerabilities, which let it enter a computer without any action by, or notice to, the user.
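The delivery pattern described above, a spam message with a single attachment that runs when opened, is something a mail gateway can check for. The following is an added example, not code from the original entry or from any vendor: it parses a raw message with Python's standard email library and flags a lone attachment that is executable by extension, by declared content type, or by the "MZ" header of a Windows PE file regardless of its name. The sample messages and the "PE_STUB" bytes are constructed for illustration; the extension and content-type lists are assumptions chosen for the example.

```python
"""Triage an e-mail for the delivery pattern described above: a single
attachment that runs when opened. Added example, not part of the original
entry; the sample messages are constructed for illustration."""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows executes directly when the attachment is opened (assumed list).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def is_executable_attachment(part) -> bool:
    """True if the part would run as a program when a user opens it."""
    name = (part.get_filename() or "").lower()
    # Only the final extension matters: "photo.jpg.scr" runs as a .scr.
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in EXECUTABLE_EXTENSIONS or part.get_content_type() in EXECUTABLE_TYPES:
        return True
    # A PE file starts with the DOS "MZ" stub whatever name it was given.
    payload = part.get_payload(decode=True) or b""
    return payload[:2] == b"MZ"


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and report attachment findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = [p for p in msg.walk() if p.get_content_disposition() == "attachment"]
    executable = [p.get_filename() for p in attachments if is_executable_attachment(p)]
    return {
        "attachment_count": len(attachments),
        "executable_attachments": executable,
        # The pattern from the entry: exactly one attachment, and it is executable.
        "suspicious": len(attachments) == 1 and len(executable) == 1,
    }


def build_sample(filename: str, payload: bytes, subtype: str = "octet-stream") -> bytes:
    """Constructed test message: a short body plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Check this out"
    msg.set_content("See the attached file.")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed samples: a renamed screensaver, a PE with an innocuous name, and a PDF.
PE_STUB = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"  # first DOS-header bytes only
SAMPLE_SCR_MAIL = build_sample("photo.jpg.scr", PE_STUB)
SAMPLE_DAT_MAIL = build_sample("update.dat", PE_STUB)
SAMPLE_PDF_MAIL = build_sample("report.pdf", b"%PDF-1.4\n%constructed\n", subtype="pdf")

if __name__ == "__main__":
    for label, raw in [("scr", SAMPLE_SCR_MAIL), ("dat", SAMPLE_DAT_MAIL), ("pdf", SAMPLE_PDF_MAIL)]:
        print(label, triage_message(raw))
```

The magic-byte check is what catches "update.dat": a worm renamed to a harmless-looking extension still has to be a PE file for Windows to run it, so the name alone is never a reliable filter.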

W32.Stavron.A may also use a rootkit component to hide its presence on the computer. The rootkit component renames the worm's files and its other components, which makes the worm harder to detect and remove. The worm can also probe for and exploit known flaws in the system, including the SQL Server 2000 resolution-service buffer overflow (MS02-039), the IIS 5 WebDAV buffer overflow (MS03-007), the RPC DCOM buffer overflow (MS03-026) and the LSASS buffer overrun (MS04-011). All four were patched by Microsoft before this worm was discovered, so a fully patched system is not exposed to these network propagation vectors; the e-mail and network-share routes described above remain.
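A worm that spreads through network shares and the four network-facing flaws listed above has to touch many hosts on a handful of service ports in a short time, which is a pattern network logs expose even when the payload itself is hidden by a rootkit. The following is an added example, not code from the original entry or from any vendor, serving both the network-share propagation described under Characteristics and the exploit list in this paragraph: it reads flow records and flags any source that contacts many distinct hosts on one of those ports within a time window. The port-to-vulnerability mapping uses the standard service ports (the entry itself names none), the flow records are constructed, and the window and threshold values are assumptions to be tuned per network.

```python
"""Flag hosts whose connection fan-out on the service ports behind the
vulnerabilities named above looks like worm scanning. Added example; the
flow records below are constructed, not captured traffic."""
from collections import defaultdict
from datetime import datetime, timedelta

# Standard service ports for the four flaws (assumption: the entry gives no ports).
WORM_PORTS = {
    ("udp", 1434): "SQL Server 2000 resolution service buffer overflow",
    ("tcp", 80): "IIS 5 WebDAV buffer overflow",
    ("tcp", 135): "RPC DCOM buffer overflow",
    ("tcp", 445): "LSASS buffer overrun / network-share propagation",
}


def parse_flow(line: str):
    """Parse one constructed record: '<iso-timestamp> <src> <dst> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, int(dport)


def find_scanners(lines, window=timedelta(seconds=60), min_targets=8):
    """Return {src: {(proto, port): distinct_targets}} for sources that reached
    at least min_targets distinct hosts on one worm port inside `window`."""
    events = defaultdict(list)  # (src, proto, port) -> [(timestamp, dst)]
    for line in lines:
        ts, src, dst, proto, dport = parse_flow(line)
        if (proto, dport) in WORM_PORTS:
            events[(src, proto, dport)].append((ts, dst))

    hits = defaultdict(dict)
    for (src, proto, dport), seen in events.items():
        seen.sort()  # time order so a sliding window can be used
        best, lo = 0, 0
        for hi in range(len(seen)):
            while seen[hi][0] - seen[lo][0] > window:
                lo += 1
            # Distinct destinations inside the current window, not raw flow count:
            # repeated traffic to one file server must not look like scanning.
            distinct = len({dst for _, dst in seen[lo:hi + 1]})
            best = max(best, distinct)
        if best >= min_targets:
            hits[src][(proto, dport)] = best
    return dict(hits)


# Constructed flows: 10.0.0.5 sweeps ten hosts on 445/tcp and 135/tcp in ten seconds,
# 10.0.0.9 keeps talking to its two file servers and browses one web server.
SAMPLE_FLOWS = (
    [f"2006-04-01T09:00:{i:02d} 10.0.0.5 10.0.1.{i} tcp 445" for i in range(10)]
    + [f"2006-04-01T09:00:{i:02d} 10.0.0.5 10.0.1.{i} tcp 135" for i in range(10)]
    + [f"2006-04-01T09:00:{i:02d} 10.0.0.9 10.0.2.{i % 2} tcp 445" for i in range(10)]
    + ["2006-04-01T09:00:30 10.0.0.9 10.0.3.1 tcp 80"]
)

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_FLOWS).items():
        for key, count in ports.items():
            print(f"{src}: {count} hosts on {key[0]}/{key[1]} ({WORM_PORTS[key]})")
```

Counting distinct destinations rather than flows is the design point: the file-server user in the sample generates as many 445/tcp flows as the scanner but only ever reaches two hosts, so it stays under the threshold.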