New Magistr worm at large on the Net
Published: 05 Sep 2001 09:56 BST
A new version of the polymorphic worm Magistr is lurking on the Internet. This new variation, Magistr.B (w32.Magistr.39921), has been reworked to evade most current antivirus software scanners.
Like the original worm, Magistr.B features a payload that overwrites hard drives with garbage, erases CMOS and flashes the BIOS on the infected system, rendering the computer unusable. Unlike the original worm, Magistr.B can also infect Eudora address books and terminate the popular ZoneAlarm firewall before connecting to the Internet.
How it works
Magistr.B arrives as an email with the following information:
Subject: [random]
Body: [random]
Attached: [random file with an exe, bat, pif, com extension]
When executed, Magistr.B displays the following message from the original Magistr worm.
Another haughty bloodsucker.......
YOU THINK YOU ARE GOD ,
BUT YOU ARE ONLY A CHUNK OF SH--
Magistr.B then searches for all sent email addresses from Eudora, Outlook, Netscape Messenger and other Internet email clients, and sends randomly constructed messages to up to 100 people. Magistr.B contains its own SMTP email to send copies, bypassing Microsoft's Outlook Security Patch. Magistr.B also searches network resources, searching for Windows installations such as Windows 95, 98, Me, NT, and 2000, and infects all portable executable files found on remote systems.
Magistr.B will destroy the contents of the computer's hard drive and CMOS/BIOS information on Windows 95, 98, Me, NT, and 2000 systems.
Removal
Almost all the antivirus software companies have updated their signature files to include Magistr.B. For more information on removing Magistr.B from your system, see McAfee, Symantec and Trend Micro.
Prevention
Here are the basic steps for containing the latest worm:
"Don't open attachments!" One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as this polymorphic worm are being actively circulated. Even if the email is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it.
Get protected. If you don't already have virus protection software on your machine, you should. Scan your system regularly. If you're just loading antivirus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the antivirus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses.
Update your antivirus software. Now that you have virus protection software installed, make sure it's up-to-date. Some antivirus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat. You can also scan your system for the latest security updates.
See the Viruses and Hacking News Section for the latest headlines.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
65 out of 97 people found this useful
- Share this article:
