For those that are interested.
Dale
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 14, 2001 3:15 PM
Subject: NORMAN CUSTOMERS - Norman Customer Alert - W32/Magistr
NORMAN CUSTOMER ALERT
Date: March 14, 2001
Please be aware that a new mass mailing virus, W32/magistr@mm, alias
PE_Magistr.A, W32/Magistr.24876@mm, has been reported to be in the wild.
The
virus payload is very destructive, as it erases the hard disks(s) and
flashes
the computer?s BIOS, rendering the computer unable to start. At the
moment it
seems to be spreading relatively slowly, but it may develop into a major
risk
within the next couple of days.
This virus infects Win32 executables and will mass mail itself over email
by
direct SMTP. It will pick up email addresses from Microsoft Address book
and
other files containing email addresses.
Because this virus is polymorphic, the subject, body and name of the
attachment
appear to be randomly created by the virus.
It will usually arrive in email as an EXE file with a random filename.
Until full detection is in place, we advise strongly NOT to open .exe
email
attachments with unknown content, even from a known sender.
If you execute an infected file, it will infect your system and the virus
will
start its mass mailing routine to propagate itself. It enumerates all
network
resources looking for folders with the following names:
WIN 98
WIN 95
WINNT
WINDOWS
If a folder with these names is found, it copies itself to these folders
and
adds an entry to Win.ini to load itself at the next system startup.
The virus contains the following encrypted text:
ARF! ARF! I GOT YOU!@ v1rus: Judges Disemboweler. By: The Judges
Disemboweler,
written in Malmo (Sweden).
New signature files for version 4.8 are under development at this time. An
update that detects W32/Magistr will soon be published at our website,
www.norman.com, under the definition file entitled W32/Magistr.
Information and details on other worms, viruses and computer security
threats
can be found on our web site as well.
Thank you for using Norman Virus Control! Why not the best!
Norman Data Defense Systems, Inc.
9302 Lee Highway, Suite 950A
Fairfax, VA 22031
(888)GO-NORMAN