Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » McAfee.com Warns of Magistr.a Virus Variation

McAfee.com Warns of Magistr.a Virus Variation

by Cyclop08 on September 9th, 2001 Anti-virus firm McAfee.com Friday says it has received a serious number of reports in South America and Europe of a virus circulating through e-mail boxes in the last two days.


This virus, named "W32/[email protected]," is a variant of "Magistr.a" and has been rated "medium risk" for corporate and home users due to the number of reports coming from the two continents.





So far, the Sunnyvale, Calif.-based company has received relatively few reports coming from within the United States.





The problem for businesses though is that this virus is a mass-mailing virus that may delete .NTZ files and disable firewalls.





The W32/[email protected] reportedly has a more complex encryption technique and some additional characteristics. These include the deletion of all .NTZ files on the local hard drive, the possible termination of the ZoneAlarm firewall program, and the use of random file extensions on the executables that it distributes.





The virus has also been reported to retrieve e-mail addresses from Eudora mailbox files (.MBX), overwrite the WIN.COM/NTLDR file, and send .GIF files found on the local machine to others along with itself.





In addition, the virus has maintained some characteristics of its predecessor, including the ability to use mass mailing techniques to send itself to e-mail addresses stored in several places. These e-mail addresses are gathered from the Windows Address Book, Outlook Express mailboxes, and Netscape mailboxes (addresses found in e-mail messages within existing mailboxes may also be gathered).





The messages sent by the worm contain various subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non-.EXE or non-viral files along with an infectious .EXE file.





From a sampling of some 150,000 computers, the company has seen a 12 percent infection rate worldwide, with 6 percent in South America, 12 percent in Europe, 10 percent Australia and 13 percent North America


Posted by Cyclop08


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »