1. /
  2. Security Response/
  3. W32.Magistr.24876@mm

W32.Magistr.24876@mm

Risk Level 2: Low

Discovered:
March 13, 2001
Updated:
February 13, 2007 11:36:05 AM
Also Known As:
W32.Magistr.24876.int, W32.Magistr.24876.corrupt, I-Worm.Magistr.a [KAV], PE_MAGISTR.A [Trend], W32/Disemboweler [Panda], W32/Magistr-A [Sophos], W32/Magistr.a@MM [McAfee], Win32.Magistr.24876 [CA]
Type:
Worm, Virus
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Due to a decreased rate of submissions, as of May 5, 2003, Symantec Security Response has downgraded the level of this threat from Category 3 to Category 2.

W32.Magistr.24876@mm:
  • Is a virus that has email worm capabilities and is network-aware.
  • Infects Windows Portable Executable (PE) files, with the exception of the .dll system files.

    W32.Magistr.24876@mm sends email messages to addresses it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which mail clients, such as Microsoft Outlook and Microsoft Outlook Express, use. The email message may have up to two attachments, and it has a randomly generated subject line and message body.

NOTE: In many cases, this virus will "touch" files and send them as email attachments. Such files do not contain viral code and are considered clean. In such cases, it is safe to delete the file, and it would be prudent to inform the sender that the virus infected his or her system.






What are Portable Executable (PE) files?
Portable Executable (PE) files are files that are portable across all the Microsoft 32-bit operating systems. The same PE format executable can be executed on any version of Windows 95, 98, Me, NT, and 2000. Therefore, all the PE files are executable, but not all the executable files are portable.

A good example of a PE file is a screen saver (.scr) file.

Antivirus Protection Dates

  • Initial Rapid Release version March 13, 2001
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version March 13, 2001
  • Latest Daily Certified version July 28, 2013 revision 020
  • Initial Weekly Certified release date March 13, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Medium
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: High

Distribution

  • Distribution Level: High
Writeup By: Peter Ferrie

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver