The Return of "Magistr"
A new variant of the Magistr virus has been
detected – massively bad payload
There’s a deadly new variant of the dangerous
"Magistr" virus. There
have been several reports regarding infection in Spain by this
malicious program, which is predicted to spread epidemically.
"'Magistr.b' utilizes a substantially
reworked encoding algorithm of the virus' code.
Because of this, none of the known anti-virus scanners are
able to recognize this new virus variant even with the heuristic
code analyzer switched on," commented Eugene Kaspersky,
Head of Anti-Virus Research at Kaspersky Lab.
This variant is characterized by exceptionally
dangerous side effects, and also by noticeably reworked procedures
for spreading via the local network and e-mail.
Payload
In addition to destroying all files on the local and
network disks, corrupting data stored in the CMOS memory (the
computer hardware boot-up parameters) and FLASH BIOS microchip,
"Magistr.b" overwrites the OS-loaders WIN.COM and NTLDR in
such a way that under certain conditions upon the next computer
start-up, all data on the local and network disks are deleted. While
searching for target files to be infected, the virus also destroys
files with the .NTZ extension. Also, if "Magistr.b"
detects an active copy of the "ZoneAlarm" personal firewall
software running, it automatically disables it. This is one mean
cookie.
In order to obtain e-mail addresses for further
spreading, "Magistr.b" scans the databases of the Eudora,
Outlook Express, Netscape Messenger and Internet Mail e-mail clients
and the Windows address book. Besides .DOC and .TXT files, the virus is
able to attach .GIF files as well. In addition, a wide search is
conducted for accessible network resources where
"Magistr.b" will try to plant its copies. The virus
searches the following folders: "WINNT",
"WINDOWS", "WIN95", "WIN98",
"WINME", "WIN2000", "WIN2K", and
"WINXP." In
this way, the virus is able to more effectively spread and
noticeably improve its rate of "success" in penetrating
victim computers.
"Today, 'Magistr's' first variant firmly
holds a high position in the list of the most widespread malicious
code, second only to the 'SirCam' Internet worm.
Don't be in doubt that the latest 'Magistr' modification has
the potential for being as widespread as the original.
This could lead to another global epidemic," said
Denis Zenkin, Head of Corporate Communications for Kaspersky Lab.
As previously noted by Kaspersky Lab, 'Magistr'
belongs to the category of viruses known as "sleepers."
This virus type does not reveal itself until the moment its
payload activates. The original 'Magistr' confirmed
Kaspersky Lab's prediction: within a month of detection,
"Magistr" placed first in virus-activity ratings.
David Dorn