Magistr.B is a dangerous variation - News

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Magistr.B is a dangerous variation

By Robert Vamosi, 0
September 05, 2001
URL: http://www.zdnet.com.au/news/soa/Magistr-B-is-a-dangerous-variation/0,139023165,120258669,00.htm

Designed to bypass current antivirus scanners, this variation can spread via Eudora, Outlook, Netscape and other Internet email clients.

A new version of the polymorphic worm Magistr is lurking on the Internet. This new variation, Magistr.B (w32.Magistr.39921), has been reworked to evade most current antivirus software scanners. Like the original worm, Magistr.B features a payload that overwrites hard drives with garbage, erases CMOS and flashes the BIOS on the infected system, rendering the computer unusable. Unlike the original worm, Magistr.B can also infect Eudora address books and terminate the popular ZoneAlarm firewall before connecting to the Internet.

How it works
Magistr. B arrives as an email with the following information:

Subject: [random]

Body: [random]

Attached: [random file with an exe, bat, pif, com extension]

When executed, Magistr.B displays the following message from the original Magistr worm.

Another haughty bloodsucker.......
YOU THINK YOU ARE GOD ,
BUT YOU ARE ONLY A CHUNK OF SH--

Magistr.B then searches for all sent email addresses from Eudora, Outlook, Netscape Messenger and other Internet email clients, and sends randomly constructed messages to up to 100 people. Magistr.B contains its own SMTP email to send copies, bypassing Microsoft's Outlook Security Patch. Magistr.B also searches network resources, searching for Windows installations such as Windows 95, 98, Me, NT, and 2000, and infects all portable executable files found on remote systems.

Magistr.B will destroy the contents of the computer's hard drive and CMOS/BIOS information on Windows 95, 98, Me, NT, and 2000 systems.

Removal
Almost all the antivirus software companies have updated their signature files to include Magistr.B. For more information on removing Magistr.B from your system, see McAfee, Symantec, and Trend Micro.

Prevention
Here are the basic steps for containing the latest worm:

"Don't open attachments!" One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as this polymorphic worm are being actively circulated. Even if the email is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it.
Get protected. If you don't already have virus protection software on your machine, you should.
Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the antivirus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses.
Update your anti-virus software. Now that you have virus protection software installed, make sure it's up-to-date. Some antivirus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat. You can also scan your system for the latest security updates.