CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

"Smash" virus' potential downplayed by experts

Security experts downplay the threat of the very rare but potent virus that launches on the 14th day of the month that could hit computers today.

    A very rare but potent virus that launches on the 14th day of the month could hit computers today, security experts warn.

    The "Smash" virus, which is designed to affect Windows-based PCs, can erase data on hard drives, experts said. Although there have been reports of the virus in computer security labs in Europe, experts are hesitant to strongly warn of its threat since the virus has not yet been found outside virus and security labs.

    "The theoretical side is it works, and if you get it, it will trash your hard drive," said Simon Perry, a virus expert at Computer Associates, which has issued a warning on the virus. "We wanted to put something out there because some of our clients were reading about it in the European media. If you get it, it's very damaging, but right now it's not likely you'll get it." Computer Associates makes antivirus software.

    Technically, the virus uses low-level system calls that are made directly to a system's memory. It uses a technique called "tunneling" to corrupt or reformat hard drives, destroying all information previously stored there, according to Computer Associates.

    The unidentified authors use the so-called blue screen of death--the screen that displays when the Windows operating system crashes--in preying on common user reactions to such screens to launch the virus' payload.

    When activated, the see CNET Software: Protect yourself from a virus attackvirus displays a blue screen in Windows that reads: "Virus Warning! Virus name is 'SMASH', project D version 0x0A. Created and compiled by Domitor. Seems like your bad dream comes true..."

    According to a warning issued by Computer Associates, the next time the computer is rebooted, the malicious code will go into effect, making the machine unusable. "Since the machine hangs after the (blue screen) message is displayed, it is likely that the user of the machine would either press any key or try to reboot the machine at this point, therefore unwittingly causing the payload to execute," the warning said.

    But Perry insists it is very unlikely consumers will experience the Smash virus. "The chances are almost zero," and most antivirus vendors have added detection for the virus over the past couple of weeks, he said.