Mass-mailers are dead! Long live mass-mailers!
Currently, exploits are the flavor of the month as far as malicious code authors are concerned. However, in recent days we have seen a few variants of a new mass-mailing worm called W32.Stration@mm successfully spreading on a moderate scale over the Internet. For some time now we have observed fewer and fewer new instances of mass-mailing worms, so it has now become a bit of a novelty to see that somebody is still willing to invest time and effort into creating a worm that uses this method as the primary means of propagation.
Mass-mailing worms have been around for a long time and people have, by and large, learnt to defend themselves more effectively against them. In the fight back, many administrators now block certain attachments on the gateway; some may apply email filtering such as Symantec Brightmail, provide user education, and use various other methods to help curtail the spread of mass-mailing worms. During the period from 2003 to 2005, it was not uncommon to see new variants of mass-mailing worms such as Netsky, Beagle and Mydoom appear nearly on a daily basis. The last truly effective mass-mailing worm we have seen was W32.Mydoom.AX@mm, which burst onto the scene back in February of 2005; in this case it managed to reach a category rating of 3. Since then, no other mass-mailing worm has achieved anywhere near the same level of success in propagation.
Despite all of the advances in technology and controls over the years, one of the soft spot in the defenses against mass-mailing threats is still the user. Most mass-mailing worms employ some form of social engineering to trick recipients into opening and running the attachments. As sure as the sun will rise everyday, there will always be new, inexperienced users to take the bait. For this reason we can expect that the mass-mailing technique will continue to be used in the arsenal of the threat authors and will remain effective, but not spectacularly so; W32.Stration.C@mm is a case in point. For those of you affected by W32.Stration.C@mm, you'll be glad to know that a full system scan using the latest definitions will clean the threat from your computer, malicious files and registry keys included.