Users login

Create an account »


Users login

Home » Hacking News » Magistr variant poses global risk

Magistr variant poses global risk

by Cyclop08 on September 10th, 2001 The dangerous Magistr virus, which still dominates the top 10 most common viruses list, has reappeared as a new variant.

According to antivirus experts, a "substantially reworked" encoding algorithm of the virus has been reported in the wild several times over the last few days.

The tweaked algorithm apparently means that none of the known antivirus scanners are able to recognise the variant through heuristic analysis.

The virus spreads via email, scanning programs including Eudora, Outlook Express, Netscape Messenger, Internet Mail email clients and the Windows address book.

"Today, Magistr's first variant firmly holds a high position in the list of the most widespread malicious code, second only to the SirCam internet worm," said Denis Zenkin, head of corporate communications at Kaspersky Labs.

"Don't be in doubt that the latest Magistr modification has the potential for being as widespread as the original. This could lead to another global epidemic," he added.

Belonging to the category of viruses known as 'sleepers', which do not reveal themselves until the moment the payload is activated, this variant is characterised by exclusively dangerous side effects, and has noticeably reworked virus spreading procedures via email and the local network.

In addition to destroying all files on the local and network disks, corrupting data stored in the CMOS memory and Flash BIOS microchip, Magistr.b overwrites the operating system loaders WIN.COM and NTLDR in such a way that, under certain conditions, all data on the local and network disks is deleted on the next computer start-up.

Posted by Cyclop08

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »