VirusW32/Magistr.A
Analysis
- Virus is 32bit, with a size of 24,876 bytes in
viral code
- Virus may modify the "run=" line within
the WIN.INI configuration file for Windows 9x in an
effort to load the virus at Windows startup
- Virus attempts to send itself using SMTP to email
addresses scavenged from the host infected system
- email addresses are captured from various files
on the system including .DBX extension mail box files
- Message is structured such that an I-Frame exploit
will cause the attachment to launch automatically
when the message is either opened or previewed in
Outlook -
- The email message will have an additional file attachment, typically a file with .HTM extension, which is a clean and non-infectious file - in addition, the from address is forged.
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |