A highly damaging new polymorphic email worm is spreading across Europe and expected to hit New Zealand today.
Like many of its predecessors, the W32.Magistr.24876@mm worm (also known as I-Worm.Magistr, PE_MAGISTR.A and W32.Magistr@mm) uses the Microsoft Outlook to email itself to all recipients in the users address book. But it can also use Windows and Netscape address books.
And according to researchers at the Symantec AntiVirus Research Centre the new virus is "particularly dangerous" as the email message may have up to six attachments and has a randomly generated subject line that has up to 60 characters, which makes identifying the virus very difficult as subject headings are never consistent.
The worm's payload is daunting. Apart from mailing itself on, it infects all files that are not .dll system files, causes Windows system instability, overwrites hard drives, erases CMOS data and flashes the BIOS of infected PC.
It is also network aware. It enumerates the computers on the network and searches for Windows folders that are named one of the following: WinNT, Win95, Win98 , Windows. If one of these folders contains a Win.ini file, the infected file is copied to that folder, and the Win.ini file is modified to contain a Run= line with a path to the infected file.
Symantec says the worm "could send confidential Microsoft Word documents to others."
Virus definitions are being developed now and will be available soon from the company's website at http://www.symantec.com/region/au_nz/avcenter/