Information Security News mailing list archives

"Smash" virus' potential downplayed by experts


From: InfoSec News <isn () C4I ORG>
Date: Fri, 14 Jul 2000 13:21:50 -0500

http://news.cnet.com/news/0-1003-200-2258920.html?tag=st.ne.1430735..ni

By Erich Luening
Staff Writer, CNET News.com
July 14, 2000, 9:30 a.m. PT

A very rare but potent virus that launches on the 14th day of the
month could hit computers today, security experts warn.

The "Smash" virus, which is designed to affect Windows-based PCs, can
erase data on hard drives, experts said. Although there have been
reports of the virus in computer security labs in Europe, experts are
hesitant to strongly warn of its threat since the virus has not yet
been found outside virus and security labs.

"The theoretical side is it works, and if you get it, it will trash
your hard drive," said Simon Perry, a virus expert at Computer
Associates, which has issued a warning on the virus. "We wanted to put
something out there because some of our clients were reading about it
in the European media. If you get it, it's very damaging, but right
now it's not likely you'll get it." Computer Associates makes
antivirus software.

Technically, the virus uses low-level system calls that are made
directly to a system's memory. It uses a technique called "tunneling"
to corrupt or reformat hard drives, destroying all information
previously stored there, according to Computer Associates.

The unidentified authors use the so-called blue screen of death--the
screen that displays when the Windows operating system crashes--to
prey on common user reactions to such screens and so launch the virus'
payload.

When activated, the virus displays a blue screen in Windows that
reads: "Virus Warning! Virus name is 'SMASH', project D version 0x0A.
Created and compiled by Domitor. Seems like your bad dream comes
true..."

According to a warning issued by Computer Associates, the next time
the computer is rebooted, the malicious code will go into effect,
making the machine unusable. "Since the machine hangs after the (blue
screen) message is displayed, it is likely that the user of the
machine would either press any key or try to reboot the machine at
this point, therefore unwittingly causing the payload to execute," the
warning said.

But Perry insists it is very unlikely consumers will experience the
Smash virus. "The chances are almost zero," and most antivirus vendors
have added detection for the virus over the past couple of weeks, he
said.

ISN is hosted by SecurityFocus.com