Posted by DaveH (64.252.8.31) on September 06, 2001 at 20:26:58:
CSRT Update - eSafe Protects You!
=================================
Win32.Magistr.b Vandal
Alias: W32/Magistr.B@MM, W32.Magistr.39921@mm, I-Worm.Magistr.b.poly,
PE_MAGISTR.B
Updated on: 4 September, 2001
Threat Level: Medium
Arrival Form: Email
Type: Win32, Trojan
Platforms: 95, 98, ME, NT, 2000
Damage: Crash Computer, Corrupt Bios, Corrupt OS, Modify Files, Steal
Information
Description:
------------
This is a new variant of the original Win32.Magistr vandal:
http://www.esafe.com/home/csrt/search_analysis.asp?virus_no=9411
This vandal spreads itself by sending mutated copies to email addresses found
in the Outlook, Outlook Express, MS Mail and News and Eudora address books. It
connects directly to mail servers and sends itself via SMTP. It performs
all the malicious activity of the original Win32.Magistr plus several new
malicious activities.
The infected email has the following format:
Subject: A random subject line is generated out of a list of words
Attachments: several random files from the infecting PC and an infected
executable file with a random name
This vandal will infect most executable Windows files. The arriving
infected file might have the extensions: .EXE, .BAT, .PIF, .BAT.
Malicious Activity
------------------
Win32.Magistr.b does all the damage of the original version and in
addition, the following new malicious activity:
- Detect and close Zone Alarm firewall if found on the PC
- Send random GIF images
- Load its code from system.ini Shell=explore.exe by adding an entry
- Delete files with the .NTZ extension
eSafe Users
-----------
eSafe Desktop and Enterprise 3 are protected by the Sandbox proactive
security and will not be affected.
A new vandal/virus update is available.
For users of eSafe Enterprise/Desktop and eSafe Gateway 2.1, an update is
available from:
ftp://ftp.esafe.com/pub/updates/oxrupdinc.exe
eSafe Gateway 3 and eSafe Mail users can use the "Update now" option from
within the product eConsole.
New Users
---------
More information about eSafe Content Security Products as well as trial
versions are available from:
http://www.ealaddin.com/esafe
This email is being sent by Aladdin Knowledge Systems Inc. (www.eAladdin.com)
--------------------------------------------------------------------------------
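Added example (not part of the eSafe advisory or the original post): a Python check for the system.ini change listed under Malicious Activity above, reporting anything on the shell= line besides the normal shell. It assumes the stock Windows 9x value shell=Explorer.exe in the [boot] section; the sample file contents and the name SAMPLE.EXE are constructed.

```python
"""Flag extra programs on the [boot] shell= line of a Windows 9x system.ini."""
import ntpath

EXPECTED_SHELL = "explorer.exe"  # assumption: stock Windows 9x shell value


def boot_shell_lines(ini_text):
    """Return one list of whitespace-separated entries per shell= line in [boot]."""
    section, found = None, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "boot" and key.strip().lower() == "shell":
            # Limitation: long paths containing spaces are split into pieces.
            found.append(value.split())
    return found


def unexpected_shell_entries(ini_text):
    """Return every shell= entry that is not the expected shell (empty list = clean)."""
    lines = boot_shell_lines(ini_text)
    if not lines:
        return ["<no shell= line in [boot]>"]
    extras = []
    for entries in lines:
        if not entries:
            extras.append("<empty shell= value>")
        for entry in entries:
            # Compared by file name only; a copy of explorer.exe in another
            # directory would need a separate path check.
            if ntpath.basename(entry).lower() != EXPECTED_SHELL:
                extras.append(entry)
    return extras


# Constructed sample inputs, not taken from an infected machine.
CLEAN = "[boot]\nshell=Explorer.exe\nsystem.drv=system.drv\n"
MODIFIED = ("[boot]\r\nSHELL = Explorer.exe C:\\WINDOWS\\SAMPLE.EXE\r\n"
            "[386Enh]\r\nshell=ignored.exe\r\n")

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, unexpected_shell_entries(text))
```

To check a real machine, pass the text of the system.ini file in the Windows directory to unexpected_shell_entries().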