W32.Magistr.24876, a deadly virus that overwrites hard
drives and attempts to erase the Basic Input Output System (BIOS) providing
communication between the operating system and hardware, has finally hit India.
Chennai-based anti-virus provider, K7 Computing, has cited reports of the
symptoms of the virus discovered on March 13 from places as far as Kolkatta,
Chennai and Tuticorin.
Magistr, categorized both as a virus and a worm, spreads
by email, shared disks and on the local area network. Spread as an email
attachment with a size of at least 25-KB, it infects Windows Portable Executable
files except .dll system files when it is executed. It goes into memory using
Explorer.exe process. After waiting for three minutes, it infects a file in the
Windows directory to ensure that the virus is activated every time Windows is
rebooted.
It then sends emails to addresses gathered from the
Windows Address Book used by mail clients such as Microsoft Outlook, Microsoft
Outlook Express, the Outlook/Outlook Express Sent Items Folder and the Netscape
Address Book. It also spreads fast on the local area network infecting files in
the directories that are shared.
"In addition to being a deadly virus, Magistr
sometimes infects and attaches .doc or .txt file to the emails it sends out
which might result in the leakage of confidential files. It is similar to the
Kriz virus, based on the CIH virus, that gets activated on Christmas day,"
said J. Kesavardhanan, CEO, K7 computing.
"After sitting on the system for a month, Magistr
overwrites all disk files in the local and network drives making it almost
impossible to retrieve the lost data. The incubation period of one month gives
the virus enough time to multiply and spread the infection. We were on the
lookout for the virus in India after it hit the scene last week. We have updated
our Vx 2000 anti-virus to clean the Magistr virus and the updated version is
available in our site," he added.