This is a forwarded message
From: cehardware <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Saturday, April 07, 2001, 5:02:52 PM
Subject: RED ALERT, I've got 5 (five) Magistr virus this week. Virus destroy your data & flash motherboard.

===8<==============Original message text===============
Please forward this letter before mid-April, as the peak of the virus will be mid-April 2001!!!

Members of [EMAIL PROTECTED],
Please be careful with the Magistr virus, because its payload is expected to peak in mid-April. If you are infected, your hard disk data and your motherboard are at risk of damage.

Dear [EMAIL PROTECTED] members,
Beware of the Magistr virus: the peak time of this virus will be mid-April, and if you get infected, your hard drive data and motherboard will be malfunctioning.

Detail: W32.Magistr.24876@mm
ALIAS: IWorm_Magistr, I-Worm.Magistr, W32/Magistr@mm PE_Magistr.A

Beware of the Magistr virus. It is dangerous and hard to detect from the subject or the attachment, because these keep changing. The virus infects Windows PE (Portable Executable) files except .dll, with an infection size of 25 KB. It also spreads over the local network. It calls for caution because some of its actions resemble CIH (Chernobyl) and KRIZ, in that the virus will:
- Erase hard disk data.
- Erase CMOS Flash BIOS.

The subject of e-mails carrying this virus contains random text, as detailed below:

sentences you sentences him to sentence you to ordered to prison convict judge circuit judge trial judge found guilty find him guilty affirmed judgment of conviction verdict guilty plea trial court trial chamber sufficiency of proof sufficiency of the evidence proceedings against the accused habeas corpus jugement condamn trouvons coupable é rembourse sous astreinte aux entiers dépens aux dépens ayant délibéré le présent arrêt vu l',27h,'arrêt conformément à la loi exécution provisoire rdonn audience publique a fait constater cadre de la procédure magistrad apelante recurso de apelaci pena de arresto y condeno mando y firmo calidad de denunciante costas procesales diligencias previas antecedentes de hecho hechos probados sentencia comparecer juzgando dictando la presente los autos en autos denuncia presentada

Be careful: do not try to debug or analyze this virus without proper safeguards, because it will destroy the data on your disk.

(In English) http://www.f-secure.com/v-descs/magistr.shtml

Magistr is a dangerous memory resident Win32 worm-virus. It spreads via Internet with infected emails, infects Windows executable files on affected computer (local computer) and is able to spread itself over a local network.

The virus has an extremely dangerous payload. Depending on different conditions it erases hard drive data, CMOS memory and Flash BIOS data in the same way the Win95.CIH (aka Chernobyl) virus does.

The virus infects PE EXE files (Win32 executables) in a complex and difficult-to-disinfect way. The virus encrypts its main code with a polymorphic engine and writes itself to the end of the file. To get control in an infected file, the virus patches a program entry code with one more polymorphic routine that passes control to the end of the file to main encrypted virus code.

The virus itself is a program about 30Kb long written in Assembler, and that is very large for a virus written in pure Assembler language. This large size however is caused by virus EXE infection algorithm, email and network spreading routines, polymorphic engines (there are two), payload routines and many tricks used by the virus to make its detection and disinfection more difficult.

When the virus sample is run (from infected message for example, if a user clicks on an infected attachment) the virus installs itself as a component of EXPLORER.EXE (in Windows memory) and then operates in background (being run as EXPLORER's thread). Being active and working in background it scans all files and infects PE executables. It also spreads itself with email as an attachment and infects computers over a network.

The worm scans email database files of Outlook Express, Netscape Messenger and Internet Mail and News applications, gets email addresses from there and sends itself to these addresses. The infected message subject is composed from the following texts:

===8<===========End of original message text===========

--
Thank you
Eko Junaedy
www.NusaSpace.Com "Cheap Web Hosting with Great Features"
Free Com/Net/Org domain - Prices from Rp.10.000 - MDaemon support
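A generic triage check motivated by the F-Secure description quoted above (encrypted body written to the end of the file, entry code patched in place), added here as an example that is not part of the forwarded message or of F-Secure's write-up. Because the entry point may stay in the original code section, it inspects the section stored last in the file instead; the function names, the 7.0 entropy threshold and the constructed sample image are assumptions, and this is a heuristic, not a Magistr signature.

```python
import math
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data))) if n else 0.0

def sections(pe):
    """Yield (name, raw_ptr, raw_size, characteristics) from the PE section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    for off in range(table, table + 40 * count, 40):
        name, _, _, size, ptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", pe, off)
        yield name.rstrip(b"\0").decode("ascii", "replace"), ptr, size, flags

def tail_looks_appended(pe, threshold=7.0):
    """True if the section stored last in the file is writable+executable and near-random."""
    secs = list(sections(pe))
    if not secs:
        return False
    _, ptr, size, flags = max(secs, key=lambda s: s[1])  # highest PointerToRawData
    wx = bool(flags & MEM_EXECUTE) and bool(flags & MEM_WRITE)
    return wx and entropy(pe[ptr:ptr + size]) >= threshold

def build_sample(tail, tail_flags):
    """Constructed minimal PE image (not a real program): .text plus one trailing section."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, 2)             # two sections
    struct.pack_into("<H", hdr, 0x54, 0xE0)          # optional header size
    text = b"\x90" * 0x200
    rows = [(b".text", len(text), 0x200, 0x60000020), (b".tail", len(tail), 0x400, tail_flags)]
    for i, (name, size, ptr, flags) in enumerate(rows):
        struct.pack_into("<8sIIIIIIHHI", hdr, 0x138 + 40 * i,
                         name, size, 0x1000 * (i + 1), size, ptr, 0, 0, 0, 0, flags)
    return bytes(hdr) + text + tail
```

A hit only marks a file for closer inspection: legitimate packers also produce writable, executable, high-entropy sections.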

