W32.Magistr.24876@mm is a virus that has email worm capability. It is also network aware. It infects Windows Portable Executable (PE) files, with the exception of .dll system files, and sends email messages to addresses that it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which are used by mail clients such as Microsoft Outlook and Microsoft Outlook Express. The email message may have up to two attachments, and it has a randomly generated subject line and message body.
Payload: Large-scale e-mailing: Uses email addresses from the Windows Address Book files and Outlook Express Sent Items folder. Causes system instability: Overwrites hard drives, erases CMOS, flashes the BIOS. Releases confidential info: It could send confidential Microsoft Word documents to others.
Distribution: Subject of email: Randomly generated text that can be up to 60 characters long.
Name of attachment: One randomly named infected executable and several randomly selected text or document files.
Target of infection: All Windows PE files that are not .dll files.
This payload is similar to that of W32.Kriz, and it does the following: Deletes the infected file; Erases CMOS (Windows 9x/Me only); Erases the Flash BIOS (Windows 9x/Me only); Overwrites every 25th file with the text YOUARESHIT as many times as it will fit in the file; Deletes every other file; Displays a message; Overwrites a sector of the first hard disk.
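For damage assessment on a restored volume or mounted disk image, the overwrite pattern described above can be checked per file. The following is an added example, not part of the original write-up: the function names and sample files are hypothetical, and it assumes that any trailing bytes shorter than one copy of the text are unspecified and can be ignored.

```python
import os
import tempfile

MARKER = b"YOUARESHIT"  # overwrite text quoted in the write-up

def is_overwritten(path):
    """True if the file is whole copies of MARKER, ignoring a short tail."""
    whole = os.path.getsize(path) // len(MARKER)
    if whole == 0:
        return False                      # too small to hold one copy
    block = MARKER * 4096                 # compare in marker-aligned blocks
    remaining = whole * len(MARKER)
    with open(path, "rb") as fh:
        while remaining:
            want = min(remaining, len(block))
            if fh.read(want) != block[:want]:
                return False
            remaining -= want
    return True

def triage(root):
    """Return (overwritten paths, files examined, unreadable paths)."""
    hits, unreadable, seen = [], [], 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            seen += 1
            try:
                if is_overwritten(path):
                    hits.append(path)
            except OSError:
                unreadable.append(path)
    return sorted(hits), seen, unreadable

def make_constructed_samples(root):
    """Constructed sample files, not real artifacts."""
    samples = {
        "a.doc": MARKER * 3,                         # exact multiple
        "b.txt": MARKER * 3 + b"left",               # tail shorter than marker
        "c.txt": b"report quoting YOUARESHIT once",  # marker inside normal text
        "d.txt": b"YOUARE",                          # shorter than one copy
        "e.txt": b"",                                # empty file
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_samples(tmp)
        hits, seen, unreadable = triage(tmp)
        print(f"{len(hits)} of {seen} files overwritten:", hits)
```

Files the check flags have to come back from backup. Files the payload deleted leave no content to match, so compare the directory listing against a known-good inventory as well.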
As Gel notes, this one is wicked. As always, be wary.