Feature

Security firms warn of complex, high-risk virus

Security firms are warning of the appearance of a virus that is transferred by e-mail systems and by executable files.

Chris Mugan

The Magistr has been given a high damage rating by security firm Symantec because it has the capabilities of a worm and a virus.

As a worm, it can arrive attached to an e-mail message. But the code also has the ability of a virus to attach itself to other executable programs that can then launch the worm anew, via e-mail or files that PCs share.

"We've seen viruses before capable of mass mailouts, but they were not executable files," said Stuart Taylor, head of Sophos's virus lab.

Mike Read, professional services analyst at MIS, is warning that peer-to-peer networks are more at risk than client/server architectures.

"It's the most complex virus I've ever seen. It is particularly dangerous where PCs are directly connected, like ones that share a local directory on a Windows NT machine," he said.

Magistr infects a random Word file on the user's hard drive. It then attaches that file and five others to an e-mail that it sends to all addresses in the user's e-mail address book. While Kournikova could only use Microsoft Outlook, the new virus can use any e-mail system.

The code is especially dangerous for PCs as it attacks the Bios startup program, as well as executable files in the Windows directory, such as system files.

However, security experts have downplayed the potential disruption of Magistr because computer users have become more aware of the dangers of e-mails since the Anna Kournikova attack.

Sophos has been approached by only two organisations attacked by the virus while MIS has yet to hear from any.

Sophos's Taylor believes Magistr has arrived too soon after the last serious attack to cause widespread damage.

"The Kournikova virus came only a month ago. People are always afraid after a big attack, but after six months they will have forgotten about the damage it caused," he said.

Magistr has also failed to spread widely because its e-mail contains a randomly generated selection of words that read like gibberish, said Read at MIS.

"Unlike Love Letter, it doesn't pretend to come from a friend, so people should already be suspicious when they read it," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in March 2001

 

COMMENTS powered by Disqus  //  Commenting policy