jewish-music
Virus in TO PROVIDE A LINK TO ANOTHER
- From: Lionel Mrocki <amrocks...>
- Subject: Virus in TO PROVIDE A LINK TO ANOTHER
- Date: Sat 12 Jan 2002 18.33 (GMT)
Warning, the posting "To provide a link to another" contains a
virus. Information below from Norton Anti-Virus.
W32.Magistr.39921@mm
Discovered on: September 3, 2001
Last Updated on: January 9, 2002 at 07:42:07 AM PST
Due to an increased number of submissions, Symantec has upgraded
this virus to a Category 3 rating on 9/6/2001.
W32.Magistr.39921@mm is a new variant of W32.Magistr.24876@mm.
Also Known As: I-Worm.Magistr.b, W32.Magistr.B@mm,
W32/Magistr.b@MM, Magistr.32768@mm
Type: Virus, Worm
Infection Length: 39,921 bytes
Virus Definitions: September 4, 2001
Threat Assessment:
Wild: Medium
Damage: High
Distribution: High
Wild:
Number of infections: 50 - 999
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Moderate
Removal: Moderate
Damage:
Payload: Large scale e-mailing: Uses email addresses from the
Windows and Eudora Address Book files, Outlook Express Sent Items
folder, and Netscape Sent Items files.
Causes system instability: Overwrites hard drives, erases CMOS,
flashes the BIOS.
Releases confidential info: It could send confidential Microsoft
Word documents to others.
Distribution:
Subject of email: Randomly generated text that can be up to 60
characters long.
Name of attachment: One randomly named infected
executable and several randomly selected text or document files
Target of infection: All Windows PE files that are not .dll
files.
Technical description:
Here is a list of the additional features and behavioral
differences between W32.Magistr.39921@mm and
W32.Magistr.24876@mm:
Aware of Eudora address books (listed in Eudora.ini.)
Deletes *.ntz while searching for files.
Attempts to disable ZoneAlarm's user interface (this does not
disable the ZoneAlarm firewall functionality).
Adds an entry to the Shell=explore.exe line in the Boot section
of System.ini, calling the W32.Magistr.Trojan.
Searches for more Windows folders (Winnt, Windows, Win95, Win98,
Winme, Win2000, Win2k, Winxp.)
Emails an attachment that has a random extension (.exe, .bat,
.pif, or .com.)
Occasionally attaches .gifs to emails.
The payload overwrites the files Ntldr (Windows NT/2000/XP) and
Win.com (all Windows 32 OSs) on all drives with code that causes
it to store garbage data in the first sector of the first IDE
hard drive.
--
Regards,
Lionel Mrocki and Karen Amos
"The day Microsoft makes something that doesn't suck is probably
the day
they start making vacuum cleaners." -Ernst Jan Plugge
*************************************************************************************
Visit <<http://www.klezmania.com.au>> for the latest information
on
KLEZMANIA; Performance dates, Sound files, Photos and more.
Visit
<<http://members.optushome.com.au/amrocks/karenlionel.html>>
to see our family.
*************************************************************************************
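
The System.ini change listed in the technical description above can be checked mechanically. The following is an added example, not part of the original post or of the Norton write-up it quotes; it assumes the stock [boot] value is shell=Explorer.exe, and the sample file contents and the name EXAMPLE.EXE are constructed placeholders.

```python
import re

# Assumption: a clean Windows 9x/Me System.ini has "shell=Explorer.exe" in [boot].
EXPECTED_SHELL = "explorer.exe"


def boot_shell_values(system_ini_text):
    """Return every shell= value in the [boot] section (names are case-insensitive)."""
    values = []
    section = None
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INI comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "boot" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "shell":
                values.append(value.strip())
    return values


def extra_shell_entries(system_ini_text):
    """Return tokens on the shell= line other than the expected shell.

    Anything returned here deserves a manual look; paths that contain spaces
    are split into several tokens, which errs on the side of reporting.
    """
    extras = []
    for value in boot_shell_values(system_ini_text):
        for token in re.split(r"[\s,]+", value):
            # Compare only the file name so C:\WINDOWS\Explorer.exe also matches.
            if token and token.lower().rsplit("\\", 1)[-1] != EXPECTED_SHELL:
                extras.append(token)
    return extras


# Constructed sample inputs (not taken from a real machine).
CLEAN_INI = "[boot]\r\nshell=Explorer.exe\r\nsystem.drv=system.drv\r\n"
MODIFIED_INI = "; constructed sample\r\n[Boot]\r\nShell=C:\\WINDOWS\\Explorer.exe EXAMPLE.EXE\r\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_INI), ("modified", MODIFIED_INI)):
        print(name, extra_shell_entries(text))
```
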