Posted
09th September 2001
Virus PE_MAGISTR.B
PE_MAGISTR.B is a per-process, memory-resident, and
polymorphic virus that installs itself in memory via
the EXPLORER.EXE process. It uses SMTP commands to send
emails to addresses it obtains from *.WAB, *.DBX, and
*.MBX files found on the infected system's disk. It
attaches its infected files and other non-viral files
to the emails it sends out. The non-viral
file types include image files (.GIF), documents (.DOC),
and text files (.TXT).

This variant uses text found in documents and text files
of the infected system for the subject and body of its
email. The attachments may have .COM, .BAT, and .PIF
extension names. Because the worm uses the Blind
Carbon Copy ("BCC:") field when sending email, its
emails have an empty "To:" field.
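A mail-gateway check for the two message traits described above (an empty "To:" field together with an attachment that has an executable extension), as an added example that is not part of the original advisory. The function names, the rule of quarantining only when both traits occur together, and the inclusion of .EXE/.SCR (the file types the advisory says the virus infects) are assumptions; the sample messages are constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# From the advisory: attachment names (.COM/.BAT/.PIF), infected types (.EXE/.SCR).
RISKY_EXTENSIONS = {".com", ".bat", ".pif", ".exe", ".scr"}


def mail_indicators(raw: bytes) -> list[str]:
    """Return the advisory's mail traits found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    # Trait 1: recipients were placed in BCC, so "To:" is absent or blank.
    if not (msg.get("To") or "").strip():
        found.append("empty-to")
    # Trait 2: an attachment whose final extension is executable.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.strip().rstrip("."))[1].lower()
        if ext in RISKY_EXTENSIONS:
            found.append(f"risky-attachment:{name}")
    return found


def should_quarantine(raw: bytes) -> bool:
    """Quarantine only when both traits occur together (assumed policy)."""
    hits = mail_indicators(raw)
    return "empty-to" in hits and any(h.startswith("risky-attachment:") for h in hits)


def build_sample(to, filename) -> bytes:
    """Constructed test message; addresses, subject and payload are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    if to is not None:
        m["To"] = to
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for to, fn in [(None, "readme.txt.pif"), ("user@example.org", "setup.bat"),
                   (None, "photo.gif")]:
        raw = build_sample(to, fn)
        print(fn, mail_indicators(raw), should_quarantine(raw))
```

Because the subject and body are taken from the victim's own documents, they offer no stable string to match on, which is why this check relies only on the header and attachment traits.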

This virus is capable of searching for all local drives,
mapped network drives, and shared directories that have
full-access privileges, so it can infect an entire
local network. It searches for the occurrence of certain
directories and infects .EXE and .SCR files contained
within.

When the virus payload activates, the virus attempts to find
the NTLDR file on the root drive and the WIN.COM file in
the Windows directory, and overwrites them with a small
Trojan program that trashes the hard drive using direct
manipulation of the primary hard disk controller. This
file-infecting virus has been upgraded from low risk
to medium risk due to an increasing number of infections.
For additional information about PE_MAGISTR.B.....
