W32/Magistr.A
Analysis
- Virus is 32-bit, with 24,876 bytes of viral code
- Virus may modify the "run=" line in the WIN.INI configuration file on Windows 9x in an effort to load the virus at Windows startup
- Virus attempts to send itself over SMTP to email addresses scavenged from the infected host
- Email addresses are harvested from various files on the system, including mailbox files with the .DBX extension
- Message is structured such that an I-Frame exploit will cause the attachment to launch automatically when the message is either opened or previewed in Outlook
- The email message will have an additional file attachment, typically a file with the .HTM extension, which is clean and non-infectious
- The From address is forged
Telemetry
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |