|Place of Origin|
|Platform||MS Windows 9x|
|File Type(s)||.dll, .exe, .scr|
|Infection Length||10,262 Bytes|
Smash is a polymorphic encrypted virus. It uses a rare form of polymorphism, and carries a destructive payload. In spite of being potentially terribly destructive, it was never widespread.
When an infected file is executed, Smash becomes memory resident. It switches from application mode to kernel mode, allocating a block of kernel memory and staying in memory as a VxD driver. The virus appends itself to the end of .dll, .exe and .scr files as they are searched, opened or run.
|Smash in action|
On the 14th day of July (some sources report the 14th of any month) the virus trojanizes the file C:\IO.SYS and displays the message:
Virus Warning! Your computer has been infected by virus. Virus name is 'SMASH', project D version 0x0A. Created and compiled by Domitor. Seems like your bad dream comes true...
The virus was reportedly very destructive, but not very widespread. In fact, it may have never even been wild. Antivirus companies were even hesitant to warn users about the virus, calling the threat "theoretical" and saying the chances were "almost zero" that users would actually encounter the virus. A few of the newer antivirus companies in Europe believed it would be a problem
Kaspersky Lab. Securelist.com, Virus.Win9x.Smash.10262.
PCHell, Smash Virus Help and Information.
Erich Luening. CNet News, "Smash" virus' potential downplayed by experts. 2000.07.14
CNN Tech, 'Smash' virus more hype than hurt. 2000.07.14