Feeds

Hardware-trashing virus spreads by email

His Satanic Magistr requests

  • alert
  • submit to reddit

Internet Security Threat Report 2014

An new email-borne virus uses a number of fresh tricks designed to fool unwary Internet users.

Magistr is a polymorphic Windows 32 executable file virus which features the facility to reproduce itself within emails with randomly subject, body text and attachment names. It also carries a destructive payload containing code similar to the hardware destroying Kriz virus.

Like Kriz, Magistr can destructively flash a PC's BIOS as well as overwrite data. If users click on the executable attachment of an infected message they risk have their data overwritten and replaced by text files containing the message: "You think you are God, but you are only a piece of shit."

The virus searches a user's address book, mailboxes and other files present on an infected machine for email addresses. It specifically targets addresses from Outlook Express, Netscape Navigator and Internet Mail and News. Once a list of email addresses has been obtained, Magistr sends itself to these addresses using its own email client.

The virus, which spreads by infecting files and via email, has affected a number of users but its outbreak seems to have been contained. Antivirus vendors are in the process of updating virus definition files so that Magistr is detected, and protection is largely in place.

Alex Shipp, senior anti-virus technologist at MessageLabs, which scans customers email for malicious code, said the company had intercepted 26 copies of the virus - so far. By comparison, MessageLabs caught 9,000 copies of the Anna Kournikova bug in an equivalent period.

Graham Cluley, of antivirus vendor Sophos, claimed that Magistr strengthens arguments for practicing "safe computing", as users are unable to look for a specific subject header or file name in order to identify the virus.

Safe computing means that you do not open attachments to suspect, unexpected emails and you us up-to-date antivirus software, said Cluley, who added firms should also consider blocking executable files at corporate gateways because of the risk they pose.

This would mean that only IT staff could install software obtained over the Internet on machines but Cluley said the policy was still worth considering in the interests of security. ®

Intelligent flash storage arrays

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.