SMACK virus

 


             *********************************************
             ***   Reports collected and collated by   ***
             ***            PC-Virus Index             ***
             ***      with full acknowledgements       ***
             ***            to the authors             ***
             *********************************************



  DARK AVENGER V2100 v?: SMACK
  ============================


  Report from Righard Zwienenberg (RiZwi):


   Virus Name:  SMACK
      Aliases:  Italian-1835, Patricia
    Discovery:  April 1991
         Type:  Parasitic Resident .COM & .EXE Infector
       Origin:  Italy
   Eff Length:  1835 bytes
  Documentation:  RiZwi of INFOdesk BBS The Hague (2:512/2@fidonet)


  Detection:


       HTSCAN/TBSCAN with the following signature, for detection only:

       ;
       Smack Virus
       COM EXE
       A400B4408BD6B91800E89A00C3B904008BF883
       ;


  General Comments:


       The Smack Virus was received in April 1991. It is a parasitic
       resident .COM and .EXE infector with the viral code placed at
       the end of infected files.  The virus got the name 'Smack'
       because of a message inside the viral code:


                      This virus was written in Italy by
                            Cracker Jack 1991 IVRL

                       All rights reserved, please don't
                              crack this virus!!

                      Special message to Patricia Hoffman:
                              I love you!!!!!!!!

                                 SmackSmack!!

                         Can you give me your telephone
                           number??? Ciao bellissima!


       When the virus is executed the first time, it will install
       itself in high memory, allocating 1856 bytes of memory and
       hooking interrupt 21h. If an int 21h call is issued with
       AH=4Bh (Exec), AX=3D00h (Open, read-only) or AX=6C00h (DOS 4.0
       Extended Open / Create with read-only access mode), the
       virus will check whether the file is a COM or EXE file.


       If the file is an EXE file and the filename ends with 'AN',
       'HA' or 'AK', the virus will perform a reboot, but if any
       interrupt between 0h and 0Ch was hooked, the system will most
       likely hang.


       If the filename is a valid one, the virus will check whether the
       system day is Friday.  If it is Friday, the virus will
       ask the user a question:


                      Is today Friday? (Y/N)


       and will wait for an answer. If the 'y' or 'Y' key is
       pressed, the virus will write the following message:


                      Sorry but on Friday I wish not work!!


       and terminate to DOS. If any other key is pressed, the virus
       will write:


                      You are intruthful!!
                      For punishment I format your HD Fat!!


       Due to a bug in the code, the FAT will not be destroyed.


       If the file is a COM file and the filename ends with 'ND' (so
       the virus will not infect COMMAND.COM), the virus will also
       reboot, as with invalid EXE files.


       If the COM filename is a valid one, the virus will check whether
       the system day is Saturday.  If it is Saturday, the
       virus should delete the first file in the current directory,
       but because of two bugs, this will not occur.


       If the length of the COM file is below 1835 bytes, or equal to
       or above 64000 bytes, the file will not be infected.


       Infected files will not show any changes in the file time and
       file date, as they are restored by the virus.


       Looking at the code, the virus was probably written by someone
       without much experience with assembler. There are useless
       instructions within the code and every instruction is separated
       by one or more NOPs.


[RiZwi]


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
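
The following is an added example, not part of the original report or of HTSCAN/TBSCAN: a minimal Python scanner that parses the signature entry shown under "Detection" and searches a file image for it. It assumes the "COM EXE" line lists the file types the signature applies to, and uses the report's 1835-byte effective length to note whether a hit lies in the appended tail of the file; the function names and sample buffers are constructed for illustration.

```python
import re

# Signature entry as printed in the report (name, file types, hex signature).
ENTRY = """;
Smack Virus
COM EXE
A400B4408BD6B91800E89A00C3B904008BF883
;"""

EFF_LENGTH = 1835  # effective length from the report; viral code sits at the end of the file


def parse_entry(text):
    """Parse one name / file-types / hex-signature entry; ';' lines are separators."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != ";"]
    if len(lines) != 3:
        raise ValueError("expected name, file types and hex signature")
    name, types, hexsig = lines
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hexsig):
        raise ValueError("signature is not an even-length hex string")
    return {"name": name, "exts": {t.upper() for t in types.split()}, "sig": bytes.fromhex(hexsig)}


def scan(filename, data, entry):
    """Return a finding dict if the signature occurs in data, else None."""
    ext = filename.rsplit(".", 1)[-1].upper() if "." in filename else ""
    if ext not in entry["exts"]:
        return None  # signature only applies to the listed file types
    pos = data.find(entry["sig"])
    if pos < 0:
        return None
    # Assumption: appended code means a true hit lies within the last EFF_LENGTH bytes.
    in_tail = len(data) - pos <= EFF_LENGTH
    return {"name": entry["name"], "offset": pos, "in_tail": in_tail}


if __name__ == "__main__":
    entry = parse_entry(ENTRY)
    # Constructed buffers: zero filler plus the signature bytes, not real virus code.
    tail_hit = b"\x00" * 3000 + entry["sig"] + b"\x00" * 100
    early_hit = entry["sig"] + b"\x00" * 5000
    print(scan("TEST.COM", tail_hit, entry))
    print(scan("NOTES.EXE", early_hit, entry))
    print(scan("README.TXT", tail_hit, entry))
```

A hit with `in_tail` set to false is worth a manual look: the bytes match, but their position does not fit code appended at the end of the file.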


