Colext/Macondo
Cantina virtual de los COLombianos en el EXTerior
--------------------------------------------------
Este virus aparecio hace dos dias; sin embargo, como aun no se ha contagiado
Raymundo y todo el mundo lo tienen en etapa de analisis y precaucion.
Por si las moscas tomen nota,
Nestor Raul
---------- Forwarded message ----------
----- Forwarded by Richard Soucy/R5/FWS/DOI on 03/14/2001 04:23 PM -----
Terri Walker
To: Regional IRM Coordinators, Regional 03/14/2001
Security Managers, User Support, WO-IRM Office 02:27 PM
cc:
Subject:FWS Alert - New virus: W32.Magistr.worm
FedCIRC is distributing this precautionary alert about a new virus/worm, the
"Magistr" worm. FedCIRC, the NIPC, and the anti-virus vendors are giving this
worm a "medium to high" risk evaluation. The worm propagates itself using most
e-mail applications such as MS Outlook/Outlook Express and Netscape
Navigator/Messenger. At this time, FedCIRC has not received any reports of any
occurrences of this worm within the Federal government. However, FedCIRC
requests that you distribute this precautionary alert throughout your agency.
FYI - Please notify your users ASAP; update your antivirus profiles.
tw/bssm
703-358-1740
W32.Magistr.worm Internet Worm
The "Magistr" is officially known in the anti-virus community as W32.Magistr,
W32/Magistr@MM, IWorm_Magistr, I-Worm.Magistr, W32/Magistr.A, PE_Magistr.A, and
W32.Magistr.24876. It is a Win32 application written in Assembly language and
was designed to hide from the anti-virus detection tools. The worm propagates
itself via e-mail using the victim's e-mail address book. The e-mail message
has a random subject and message body. The body of the message is composed
from the contents of other files on the infected system. It attaches a
randomly named infected executable file (*.exe) and possibly other files.
It is also aware if the victim is attached to a network and tries to
infect the win.ini file or system registry on any network connected
PC/workstation/server that it can to allow it to be run at startup.
Possible Damage:
Besides infecting all non-DLL executable files in the victim's system, it
can damage the system in the following ways:
Overwriting sectors of the hard disk, CMOS erasing, and BIOS flashing.
If the CMOS or BIOS are modified, the infected system WILL NOT work. A new
motherboard will have to be installed.
Recommendations:
FedCIRC recommends that you update your virus signature files from your
anti-virus software vendor, that you block any ".exe" e-mail attachments if
your policy allows it, and that personnel be reminded to not run any
executables.
--------------------------------------------------------------
To unsubscribe send an email to: [EMAIL PROTECTED]
with UNSUBSCRIBE COLEXT as the BODY of the message.
Un archivo de colext puede encontrarse en:
http://www.mail-archive.com/[email protected]/
cortesia de Anibal Monsalve Salazar
