Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 05 Sep 2003
Damage: Low

Characteristics: The W32.Strano application propagates through documents on Microsoft Word. It is a worm that propagates utilizing “dcc send” commands through IRC.

More details about W32.Strano

When this worm is being executed with the W97M.Strano macro virus, it infects the Microsoft Word document template default (normal.dot). The files and some of the documents that were infected are detected as the W97M.Strano. This worm creates a file that contains a source code for macro virus. This file is also detected as the W97M.Strano. It also locates the installation folder of Mirc. This worm creates a file named Strangerbox.ini in this found folder. This is detected as the IRC Family Gen. It transforms the file Mirc.ini in this found folder and adds the “[StrangerBox]” above of this file and also adds “n=strangerbox.ini” under the file. Also this worm adds a certain value in to the registry key. This worm doesn’t produce a file by the Strnngbox.exe name.

The W32.Strano program does not have End User License Agreement (EULA). It can install itself to computer without acknowledging the user. The program bypasses the personal firewall of the infected computer. The application may not undergo the standard installation procedure. The program may stay resident in the background unknown to the user. It may still continue its installation even if the user declines in the notification of installing the program. The W32.Strano application may be distributed from computer to computer through peer-to-peer network (P2P), Internet Relay Chat (IRC) and file sharing networks. The user may also unknowingly download the program by visiting dubious websites. Other malware application may also spread during program distribution. It may also be spread as an attachment in unsolicited e-mails.