This one seems mean.
I was wondering when these Email worms would turn nasty!
:
W32.Magistr.24876@mm is a virus that has email worm capability. It is also
network aware. It infects Windows Portable Executable (PE) files, with the
exception of .dll system files, and sends email messages to addresses that
it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the
sent items file from Netscape, and Windows address books (.wab), which are
used by mail clients such as Microsoft Outlook and Microsoft Outlook
Express,. The email message may have up to two attachments, and it has a
randomly generated subject line and message body.
Payload:
Large scale e-mailing: Uses email addresses from the Windows Address Book
files and Outlook Express Sent Items folder.
Causes system instability: Overwrites hard drives, erases CMOS, flashes the
BIOS.
Releases confidential info: It could send confidential Microsoft Word
documents to others.
Distribution:
Subject of email: Randomly generated text that can be up to 60 characters
long.
Name of attachment: One randomly named infected executable and several
randomly selected text or document files
Target of infection: All Windows PE files that are not .dll files.
This is the Payload:
then the virus will activate the first of its payloads. This payload is
similar to that of W32.Kriz, and it does the following:
Deletes the infected file
Erases CMOS (Windows 9x/Me only)
Erases the Flash BIOS (Windows 9x/Me only)
Overwrites every 25th file with the text YOUARESHIT as many times as it will
fit in the file
Deletes every other file
Displays the following message:
Overwrites a sector of the first hard disk
--------------------------------
People..this one is wicked..:-\
-Gel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
