Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.
There is site maintenance being carried out this weekend and there may be brief periods where we are unavailable. If so, please try again 10 minutes later.

A new variant of the Magistr virus has been detected

Cambridge UK, 4th September 2001, Kaspersky Lab, an international data-security software developer, warns users about the detection of the new variant of the dangerous "Magistr" virus. Kaspersky Lab has already received several reports regarding infection in Spain by this malicious program.
"'Magistr.b,' utilizes a substantially reworked encoding algorithm of the virus' code. Because of this, none of the known anti-virus scanners are able to recognize this new virus variant even with the heuristic code analyzer switched on," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab.

Kaspersky Labs has effectively and efficiently reacted to the appearance of this new threat, releasing the corresponding Kaspersky(tm) Anti-Virus database update containing defense procedures thwarting "Magistr.b" at midnight on September 4 (i.e., last night).

This variant is characterized by exclusively dangerous side effects, and also noticeably reworked virus spreading procedures via the local network and e-mail.

In addition to destroying all files on the local and network disks, corrupting data stored in the CMOS memory (the computer hardware boot-up parameters) and FLASH BIOS microchip, "Magistr.b" overwrites the OS-loaders WIN.COM and NTLDR in such a way that under certain conditions upon the next computer start-up, all data on the local and network disks are deleted. While searching for target files to be infected, the virus also destroys files with the .NTZ extension. Also, if "Magistr.b" detects the active copy of "ZoneAlarm" personal firewall software running it automatically disables it.
In order to obtain e-mail addresses for the further spreading, "Magistr.b" scans the databases of Eudora, Outlook Express, Netscape Messenger, Internet Mail e-mail clients and the Windows address book. The virus, as an addition to .DOC and .TXT file formats, is able to attach .GIF files as well. In addition, a wide search is conducted for accessible network resources where "Magistr.b" will try to plant its copies. The virus searches the following folders: "WINNT", "WINDOWS", "WIN95", "WIN98", "WINME", "WIN2000", "WIN2K", and "WINXP." In this way, the virus is able to more effectively spread and noticeably improve its rate of "success" in penetrating victim computers.

"Today, 'Magistr's' first variant firmly holds a high position in the list of the most widespread malicious code, second only to the 'SirCam' Internet worm. Don't be in doubt that the latest 'Magistr' modification has the potential for being as wide spread as the original. This could lead to another global epidemic," said Denis Zenkin, Head of Corporate Communications for Kaspersky Lab.

As previously noted by Kaspersky Lab, 'Magistr' belongs to the category of viruses known as "sleepers." This virus type does not reveal itself until the moment the virus' payload activation arrives. The original 'Magistr' confirmed the Kaspersky Lab's prediction and within a month of detection, "Magistr" placed first in virus-activity ratings.

"Why wait for a catastrophe? Kaspersky Lab continuously recommends that users remain on the ball by having the latest Kaspersky Lab update installed, reliably protecting their computers from these virus threats," added Mr. Zenkin.

A more detailed description of the "Magistr" virus can be found in the Kaspersky Virus Encyclopedia.

About Kaspersky Lab

Kaspersky Lab Int. is a fast growing international privately owned data-security software-development company with offices in Moscow (Russia), Cambridge (UK) and Walnut Creek (United States). Founded in 1997, the company concentrates its efforts on the development of world-leading anti-virus technologies and software. Kaspersky Lab also provides free online security related Internet information services. The company markets, distributes and supports its software and services in more than 40 countries worldwide.

Media Contacts

Denis Zenkin
Kaspersky Lab, Ltd.
Phone: +7 (095) 797 87 00

Sara Claridge
Marylebone Media Relations
Phone +44 118 975 5188

This press release was distributed by ResponseSource Press Release Wire on behalf of Marylebone Media Relations in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit