This family of worms is unusual in that new variants are being produced at an unprecedented rate, estimated to be up to one every 30 minutes at its peak, and downloaded from remote servers by infected machines to speed propagation.
[2] It was quickly discovered that the worm program, as well as propagating itself by sending out copies via e-mail, was downloading new variants from one of a number of remote servers.
These variants were generated by a program on those servers under control of the worm's creator(s).
Computer security firm F-Secure has worked with ISPs to shut down domains hosting the variants of the worm.
[3] The Stration worms employ social engineering to infect the target machine by arriving in an e-mail masquerading as a report from a mail server informing the recipient (in somewhat broken English) that their computer is infected due to an unpatched security flaw in Windows, and offering as an attachment a purported fix, which is in fact the worm program itself.