Hi Ben, Nice sentiments, I Thank You.
Whether it was pure luck or just speedy reaction, I don't know, but just two
machines became infected.
All files were Windows .EXE's. One took 22 hits, the other 40.
All were detected and recovered by Inoculate (now eTrust.com) and apart from
using our addresses to spread itself further, we were very lucky by the
sounds of it, we suffered no further damage.
I feel for anyone else who received this and suffered further. It clearly
demonstrates we each have a responsibility to the e-community at large to
keep ourselves fireproof and restrict their ability to spread .
I always thought viruses were stupid, spiteful, personal kudos things, but I
enclose a brief clip from an article received from Silicon.com today (free
to subscribe to). Maybe there is a much more serious side to them and maybe
someone is practicing single-arm press-ups ?
> Lawrence Gershwin, the US national intelligence officer for science and
technology, told Congress late last week that Russia and China "appear" to
be developing computer-based tools with the potential to do long-lasting
harm to the US economy.
>
> He claimed cyber attacks would play a major role in the "next wave of
military operations. We've certainly seen that from countries such as China
and Russia."
>
> Apparently, a "fair number" of other states have "active" programmes, but
he refused to say more before a Congressional committee because the
"information is classified".
>
> He did say that hackers don't pose a serious threat to national-level
infrastructures just yet, although the US does anticipate "more substantial
cyber threats in the future as a more technically competent generation
enters the terrorist ranks".
>
> Viruses are likely to become more controllable as well, making them more
"suitable for weaponisation". But fear not - Gershwin wants us to know that:
"Bombs still work better than bytes."
>
(Or are such scare stories just a way to keep Tax Payers chipping in to
defence budgets ???)
Stay Clean and may McAfee be with you.
David Atkinson
[EMAIL PROTECTED]
www.skidbusters.co.uk
----- Original Message -----
From: "Ben Johansen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 29, 2001 11:27 PM
Subject: RE: Description of mjistr virus
> Hi,
>
> I feel for you.
> It tried to get in but Mcafee squished it.
>
> How bad was the damage?
> How many computers?
> were you able to recover computers?
>
> Ben Johansen
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of David Atkinson
> Sent: Friday, June 29, 2001 2:21 PM
> To: RBase List
> Subject: Description of mjistr virus
>
>
> Re the Magistr Virus which caught us with our pants down - I received the
> following:
>
> David Atkinson
> [EMAIL PROTECTED]
> www.skidbusters.co.uk
>
> ----- Original Message -----
> From: "John Blaney" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, June 29, 2001 5:18 PM
> Subject: Description of majistr virus
> >
> > Win32.Magistr.24876 (also known as W32/Magistr@MM, PE_MAGISTR.A,
> > W32.Magistr.24876 and I-Worm.Magistr)
> > Magistr is a polymorphic binary virus/worm targeting Windows 9x/ME/2K
> > systems and has been reported from the field.
> >
> > When run, this virus will make a copy of an EXE or SCR file in the
system
> > directory, give it a slightly different name and infect the copy. The
> virus
> > then adds a reference to this infected file to the following registry
key:
> >
> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
> >
> > For example, under test conditions the virus copied "CFGWIZ32.EXE" to
> > "CFGWIZ31.EXE" and added the key:
> >
> >
>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CFGWIZ31="C
> > :\WINDOWS\SYST EM\CFGWZ31.EXE"
> >
> > It may also add the filename to the "run=" line in WIN.INI.
> >
> > On the next reboot, the infected copy will infect other .EXE and .SCR
> files
> > in the System directory and its subdirectories.
> >
> > The virus searches for e-mail addresses in Outlook Express and Netscape
> > mailboxes, as well as the Windows address book (.WAB) files. It stores
> > information about the location of these mailboxes in a hidden file in
the
> > Windows directory with the extension ".dat". The rest of the filename is
> > randomly generated based on the computer name.
> >
> > Using its own SMTP code (by connecting to the mailserver directly), the
> > virus then sends an e-mail message to all of the addresses it has found.
> The
> > subject and body of the e-mail are taken from files on the infected
> > machine's hard drive, and therefore may be any collection of ASCII
> > characters. An infected file is attached to the e-mail.
> >
> > Besides using SMTP to spread, Magistr also tries to connect to shares in
> the
> > network neighborhood. If it can connect to a network drive, it will try
to
> > copy itself to the following directories and add a "run=" line to the
> > WIN.INI file on the remote machine to infect it on the next startup:
> >
> > WIN95
> > WIN98
> > WINDOWS
> > WINNT
> >
> > The virus code contains a procedure to overwrite files on the hard drive
> as
> > well as the CMOS data and Flash BIOS code. Whilst the CMOS data is
> > recoverable, the loss of the Flash BIOS code could potentially render a
> > computer unbootable.
> >
> >
> >
> >
> > _______________________________________________
> >
> >
>
>
>
>
