Symantec India
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre

Symantec discovers new computer worm infecting thousands

Corporations worldwide infected by virus W32.Magistr.24876@mm

MUMBAI -- March 14, 2001

WHAT:

Researchers at the Symantec AntiVirus Research Centre (SARC) have confirmed

W32.Magistr.24876@mm, an extremely fast-spreading polymorphic computer virus with email worm capability, is spreading itself across Europe and is expected to reach Australia overnight.

This virus is particularly dangerous as the email message may have up to six attachments and has a randomly generated subject line that has up to 60 characters, which makes identifying the virus very difficult as subject headings are never consistent.

When launched or executed the worm uses Microsoft Outlook and Windows Address book to email itself to all recipients in the users address book.

RECOMMENDATIONS/ PROTECTION:

Symantec customers can repair damage caused through the detection function within Norton AntiVirus. Definitions are currently being developed and should be available by Thursday 15th March.

Customers will be able to download the definitions via LiveUpdate or from the Symantec website at securityresponse.symantec.com.

SARC recommends that administrators filter for attachments with a VBS extension immediately.

CHARACTERISTICS OF INFECTION:

W32.Magistr.24876@mm is a polymorphic virus and worm that attempts the following actions:

  1. Infect all executable Windows files that are not DLLs;
  2. Spread via a STMP handler, meaning it does not need an e-mail client such as MS Outlook or Netscape to spread itself like with other dangerous worms and viruses;
  3. Gather e-mail address from the Windows address book and Outlook Express sent-items folders. It then attaches up to any six random files and generates a random subject line that contains up to 60 characters;
  4. It attempts to modify Win.ini files on network drives.

PAYLOAD:

Preliminary findings indicate that the virus and worm has a very dangerous payload.

ABOUT SYMANTEC ANTIVIRUS RESEARCH CENTRE (SARC):

SARC is one of the industry’s largest dedicated teams of virus experts. With offices located in the United States, Japan, Australia and the Netherlands, the sun never sets on SARC. The centre’s mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

ABOUT SYMANTEC:

Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and companies. The company is a leading provider of virus protection, risk management, Internet content and email filtering, and mobile code detection technologies to enterprise customers. Headquartered in Cupertino, Calif., Symantec has worldwide operations in more than 24 countries.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre at http://www.symantec.com/PressCenter/ on Symantec's Web site.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders. All prices noted are in US dollars and are valid only in the United States.