Sabtrax Sabtrax

Tech Time Warp: Magistr “disembowels” computers

Tech Time Warp: Magistr “disembowels” computers

Tech time warp

Software Threat

In early 2001, a nasty bug began making the rounds, hitting computer users hard with a particularly challenging payload as seen in this edition of Tech Time Warp. Magistr—sometimes called “Disemboweler” after the Swedish hacker group thought to be behind it—was typically an email worm, though it could also spread by local area network or shared disk.

Magistr had some interesting traits. It arrived with a randomly generated subject line, sometimes using words from text files on its originating PC and sometimes using English and Spanish phrases built into its code. This made it next to impossible to warn computer users about specific subject lines.

Stealthy infection and destructive payload

Messages infected by Magistr also carried six attachments. Five of which were text or Word files from the originating PC and a sixth carried the virus. This sixth file looked like a bitmap but it actually had several spaces followed by .exe.

Should the recipient open the bitmap-disguised executable, Magister would pull addresses from the computer’s Outlook Express address book and then send the messages using a built-in email program. Because the recipient had to open the executable, the virus spread somewhat slower than other email worms.

Once a computer was infected with Magistr, the malware lay in wait for one month before its payload was triggered. Magistr replaced data and system files with a repeated text phrase and then began attacking the machine’s CMOS and Flash BIOS. To top it all off, Magistr posted a nasty message for the user and then caused the computer’s icons to “run away”—moving away from the cursor.

Magistr dominated virus activity for most of 2001. A sequel virus, Magistr.B., made its debut in 2002, though curiously it had little impact in the United States.

Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.

Photo: Ton Snoei / Shutterstock

Go to Source

Share Post :