W32.Magistr.24876@mm

Risk Level 2: Low

Printer Friendly Page

Discovered: March 13, 2001

Updated: February 13, 2007 11:36:05 AM

Also Known As: W32.Magistr.24876.int, W32.Magistr.24876.corrupt, I-Worm.Magistr.a [KAV], PE_MAGISTR.A [Trend], W32/Disemboweler [Panda], W32/Magistr-A [Sophos], W32/Magistr.a@MM [McAfee], Win32.Magistr.24876 [CA]

Type: Worm, Virus

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Due to a decreased rate of submissions, as of May 5, 2003, Symantec Security Response has downgraded the level of this threat from Category 3 to Category 2.

W32.Magistr.24876@mm:

Is a virus that has email worm capabilities and is network-aware.
Infects Windows Portable Executable (PE) files, with the exception of the .dll system files.

W32.Magistr.24876@mm sends email messages to addresses it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which mail clients, such as Microsoft Outlook and Microsoft Outlook Express, use. The email message may have up to two attachments, and it has a randomly generated subject line and message body.

NOTE: In many cases, this virus will "touch" files and send them as email attachments. Such files do not contain viral code and are considered clean. In such cases, it is safe to delete the file, and it would be prudent to inform the sender that the virus infected his or her system.

What are Portable Executable (PE) files?
Portable Executable (PE) files are files that are portable across all the Microsoft 32-bit operating systems. The same PE format executable can be executed on any version of Windows 95, 98, Me, NT, and 2000. Therefore, all the PE files are executable, but not all the executable files are portable.

A good example of a PE file is a screen saver (.scr) file.

Protection

Initial Rapid Release version March 13, 2001
Latest Rapid Release version September 25, 2009 revision 017
Initial Daily Certified version March 13, 2001
Latest Daily Certified version September 25, 2009 revision 020
Initial Weekly Certified release date March 13, 2001

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: Medium
Threat Containment: Moderate
Removal: Moderate

Damage

Damage Level: High

Distribution

Distribution Level: High

Writeup By: Peter Ferrie

Technical Details

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}