Magistr.B's European focus baffles experts

Magistr.B, a variant on a virus that first appeared in the spring, has attacked Europe with new destructive capabilities. Will the US be next?

UPDATE Europe has been hit by a new, even more destructive variant of the Magistr virus, but so far America has baffled experts by remaining immune.

The Magistr.B virus arrives by email, carried in an executable attachment named readme.exe. While it does not appear to have spread as widely as its predecessor, observers say it could cause more damage to those who have been infected. Magistr.A itself remains active, with UK security firm MessageLabs detecting 93,000 cases since 14 March, including 28,000 cases in the UK.

Security firms say that there is no reason why the US should not see a Magistr.B infection, raising the possibility that an outbreak could still occur there. "I can't understand why [Magistr.B] is not going to the US -- we can never tell where such a virus is going to go, as the world has no boundaries with an email-borne worm," said Peter Cooper, UK support manager at antivirus firm Sophos.

Magistr.B spreads by email and generates random subject lines and body texts, and attaches itself as a random file with an .exe, .bat, .bif, .pif or .com extension. Unlike the typical mass-mailing virus, the new variant can pull addresses from the files of several email clients, including Outlook, Outlook Express, Eudora, Netscape Messenger and some Web-based email clients.

The trend in .exe email viruses is growing steadily, due to the ease with which modified versions of existing worms can be created. "With email viruses, you receive an email as well as an actual copy of the virus," said Cooper. "It is apparent that it is a virus by its .vbs or .doc extension. People who receive one may decide to tweak it for their own deviance, and call it their own."

This approach was used for the virulent Loveletter worm, which was written in plain text English -- making it simple for anyone to make minor variations.

Virus experts suspect that the variant was not created by the same author as the original. Cooper speculated that Magistr.B may have originated from the US, but was sent to Europe as a diversion tactic.

Like the original worm, Magistr.B overwrites hard drives, erases CMOS and flashes the BIOS on the affected system, rendering the computer unusable. It adds the ability to infect Eudora address books and disable the ZoneAlarm personal firewall before connecting to the Internet.
