anvilfire logo (c) 1998 by Patrick Dempsey
anvilfire home

Blacksmithing News and Events
Coat of Arms from the town of  Eskilstuna, Sweden
Eskilstuna
Volume 24 - Page 15 of 16 May 2001
E-mail Virus Hits Blacksmithing Community
Continued from Page 1

On running a virus scan on the files it was determined to be PE_MAGISTR.A. This is a NEW virus, its real, its smart, and its deadly. And it is circulating in blacksmithing circles.

After identifying that this WAS a virus I sent mail to the sources that I had recieved it from and posted messages on the guru page about it.

This is a relatively NEW virus (March 1, 2001) and is very smart and very nasty. If you haven't updated your virus scan software since then it WILL NOT DETECT IT. As I mentioned, I recieved copies from two trusted members of our group. One is a PC-guru and should know better.

Trend Micro Anti-Virus

Trend Micro Anti-Virus House Call Virus scan These folks have a free on-line scan it takes a while to download its components but it will search and destroy the virus. space

VIRUS: PE_MAGISTR.A

Aliases:
MAGISTR.A, W32.Magistr, MAGISTR,
TROJ_ARF_JUDGE.A, JUDGE.A, ARF_JUDGE

Description:
This per-process, memory-resident, polymorphic virus uses complex routines and anti-debugging techniques, which make it very difficult to analyze. It has both virus and worm capabilities in that it infects the local system as well as all files with .EXE and .SCR extensions. Upon execution, it infects Windows System files and then sends infected files via MS Outlook/Outlook Express/Netscape Navigator to all addresses listed in the infected user's Windows and Outlook Express address book. Its destructive payload trashes the primary hard disk drive controller, overwrites CMOS RAM, and erases flash memory (BIOS). Due to its polymorphic nature the email that it comes with does not have a static subject line, message body, or attachment filename.
space

Virus details For you non-technical types what all this means is that once you open one of these attachements your system is infected. It then sends some of your old mail PLUS infected files to everyone on the mailing lists in Outlook Express or Netscape mail. It uses YOUR old mail and subject headings. Afterward it proceeds to destroy your system.

STOP Using MS Outlook or Outlook/Express mail. These are the world's leading spreaders of e-mail viruses. NEVER, EVER open attachments that can "execute". These are EXE's, COM, DLL, BAS and SCR files. If you can't tell then turn ON the option on your system that displays file extensions. Hiding file extensions is another Microsoft default setting that is VERY bad.

DO NOT trust the ICON. The virus sends one of its own randomly picked icons embedded in the file. You might THINK you are opening a graphic attachment but in fact are launching a program.

If you have not run the suspect files you can carefully delete them. THEN empty the trash bin. However, it is much too easy on a windows system to acidently RUN a file when you try to delete it. space

Virus Hoax: While we DO have the virus described above in our midst there is also a hoax warning going about. It tells you to find a specific file in your WINDOWS/SYSTEM folder or other such place and delete it. The problem IS that this is a real windows utility file you are being told to delete!

Viruses do not work like the hoax letter indicates. Virus files don't just magicaly appear in sub level folders. They come in through e-mail as a "Trojan", a file that has to be executed (RUN) by you or by your system as does many MS mail products.

Once executed:

  • The Trojan may create new files in the system area.
  • Modify the OS to run those files or itself everytime your systen is restarted.
  • Append its code to real system files
  • And of course, take advantage of the HUGE security holes in Windows to mail itself to your friends.
What this means is that once infected there is usualy more than ONE piece of the virus on your system and other changes that may need to be corrected. DO NOT apply home remedies to computer viruses. Use a current professional or commercial virus scan. And DO NOT believe everything that comes into your e-mail! Virus hoaxes are more common than viruses and are often equaly destructive.
Page 8  Page 9  Page 10  Page 11  Page 12  Page 13  Page 14  ][ Page 16  NEWS HOME
[ Anvilfire Home | Guru's Den | V. Hammer-In | Slack-Tub Pub | Power hammer Page | Links ]
[ iForge | Touchmark Registry | What's New! | Rate Card | Web Rings | 21st Century | AnvilCAM ]
May 2001 Edition
Comments to: Jock Dempsey editor@anvilfire.com
Copyright © 2001 by Jock Dempsey
Page Counter   -   Cumulitive News