filmscanners: Virus Alert

[Dale Gail]

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 18, 2001 3:40 PM
Subject: NORMAN CUSTOMERS - Norman Customer Alert




 NORMAN  CUSTOMER ALERT

 Date: April 18, 2001

 A new mass-mailing email worm, [EMAIL PROTECTED] has been reported in
the
 wild.

 If you have a Microsoft Outlook address book, the matcher virus will send
itself
 to your email addresses when activated.

 Its message looks like this:

 Subject:  Matcher
 Body: Want to find your love mates!!! Try this its
cool --
 Looks and Attitude Matching to opposite sex.

 Attachment:matcher.exe

 When executed, the matcher will install itself in your registry, so it
will run
 every time you start-up your computer.  If you are infected with this
worm, the
 message, "from: Bugger" will appear on your screen during start-up and
wait for
 you to press a key.

 We have posted the new definition file to identify and clean this virus on
our
 web site at www.norman.com, under the definition file for W32/Matcher.

 And please visit http://www.norman.com/virus_info/w32_matcher.shtml for
more
 details on this virus.

 Thank you for using Norman Virus Control! Why not the best!

 Norman Data Defense Systems, Inc.
 9302 Lee Highway, Suite 950A
 Fairfax, VA 22031
 (888) GO-NORMAN

Re: filmscanners: Virus ALERT - W32/Magistr

[Tony Sleep]

On Wed, 14 Mar 2001 15:36:43 -0500  Dale  Gail ([EMAIL PROTECTED]) wrote:

 Subject: NORMAN CUSTOMERS - Norman Customer Alert - W32/Magistr

Please see [EMAIL PROTECTED]
if you are concerned about this.

Regards 

Tony Sleep
http://www.halftone.co.uk - Online portfolio  exhibit; + film scanner info  
comparisons

filmscanners: Virus ALERT - W32/Magistr

[Dale Gail]

For those that are interested.

Dale


- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 14, 2001 3:15 PM
Subject: NORMAN CUSTOMERS - Norman Customer Alert - W32/Magistr




 NORMAN CUSTOMER ALERT


 Date: March 14, 2001

 Please be aware that a new mass mailing virus, W32/magistr@mm, alias
 PE_Magistr.A, W32/Magistr.24876@mm, has been reported to be in the wild.
The
 virus payload is very destructive, as it erases the hard disks(s) and
flashes
 the computer?s BIOS, rendering the computer unable to start.  At the
moment it
 seems to be spreading relatively slowly, but it may develop into a major
risk
 within the next couple of days.

 This virus infects Win32 executables and will mass mail itself over email
by
 direct SMTP. It will pick up email addresses from Microsoft Address book
and
 other files containing email addresses.

 Because this virus is polymorphic, the subject, body and name of the
attachment
 appear to be randomly created by the virus.

 It will usually arrive in email as an EXE file with a random filename.

 Until full detection is in place, we advise strongly NOT to open .exe
email
 attachments with unknown content, even from a known sender.

 If you execute an infected file, it will infect your system and the virus
will
 start its mass mailing routine to propagate itself. It enumerates all
network
 resources looking for folders with the following names:

 WIN 98
 WIN 95
 WINNT
 WINDOWS


 If a folder with these names is found, it copies itself to these folders
and
 adds an entry to Win.ini to load itself at the next system startup.

 The virus contains the following encrypted text:

 ARF! ARF! I GOT YOU!@ v1rus: Judges Disemboweler. By: The Judges
Disemboweler,
 written in Malmo (Sweden).

 New signature files for version 4.8 are under development at this time. An
 update that detects W32/Magistr will soon be published at our website,
 www.norman.com, under the definition file entitled W32/Magistr.

 Information and details on other worms, viruses and computer security
threats
 can be found on our web site as well.

 Thank you for using Norman Virus Control! Why not the best!




 Norman Data Defense Systems, Inc.
 9302 Lee Highway, Suite 950A
 Fairfax, VA 22031
 (888)GO-NORMAN