Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 29 May 2002
Damage: Low

Characteristics: The W95/Sma program is an oligomorphic stealth virus that affects Windows 9x environments. This virus is network aware, with a payload that executes arbitrary code originating from a specific Internet Protocol address. It affects Windows operating systems such as Windows 95, Windows 98, and Windows Me.

More details about W95.Sma

W95/Sma is a virus that runs on Windows 9x environments. When W95/Sma is run in a Windows 9x environment, it switches to a ring0 context and hooks calls to the file system. After that, it infects files as they are accessed. If the virus is resident, it tries to hide all the modifications it has made to your files when they are opened. The virus has a routine that listens on port 53357 and receives any incoming data. When data is accepted, the virus runs it in a ring0 context. The text "NetSt0rm1.0" is encrypted in the code of the virus. This suggests that the backdoor functionality can be used by the author of the virus to perform a "Distributed Denial of Service" attack via the infected hosts.
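The following is an added example, not part of the original write-up: a network-side check for unsolicited traffic to port 53357, useful because a resident stealth virus may hide itself on the host. The flow-record format and sample lines are constructed, and since the description does not say whether the listener uses TCP or UDP, both are handled; port 53357 also falls in the dynamic port range, so replies to a host's own outbound flows are excluded.

```python
import re
from collections import defaultdict

BACKDOOR_PORT = 53357  # listener port named in the description above

# Constructed sample flow records (assumed format, not from any real product):
# time proto src_ip:src_port dst_ip:dst_port tcp_flags
SAMPLE_FLOWS = """\
10:00:01 TCP 203.0.113.7:40112 10.0.0.21:53357 S
10:00:02 TCP 10.0.0.21:53357 203.0.113.7:40112 SA
10:00:05 TCP 10.0.0.30:53357 198.51.100.9:443 S
10:00:05 TCP 198.51.100.9:443 10.0.0.30:53357 SA
10:00:09 UDP 10.0.0.40:53357 192.0.2.53:53 -
10:00:09 UDP 192.0.2.53:53 10.0.0.40:53357 -
10:00:12 UDP 203.0.113.7:5000 10.0.0.22:53357 -
garbage line that should be skipped
"""

LINE = re.compile(r"^(\S+) (TCP|UDP) ([\d.]+):(\d+) ([\d.]+):(\d+) (\S+)$")

def suspected_listeners(log_text, port=BACKDOOR_PORT):
    """Map each host that received unsolicited traffic on `port` to its senders."""
    hits = defaultdict(set)
    seen = set()  # (proto, src, sport, dst, dport) flows already observed
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore malformed records
        _, proto, src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        # A reply to a flow the host opened itself is not evidence of a listener.
        is_reply = (proto, dst, dport, src, sport) in seen
        seen.add((proto, src, sport, dst, dport))
        if dport != port or is_reply:
            continue
        # For TCP, only a bare SYN is a new inbound connection attempt.
        if proto == "TCP" and flags != "S":
            continue
        hits[dst].add(src)
    return {host: sorted(srcs) for host, srcs in hits.items()}

if __name__ == "__main__":
    for host, sources in suspected_listeners(SAMPLE_FLOWS).items():
        print(f"{host}: inbound to port {BACKDOOR_PORT} from {', '.join(sources)}")
```

A hit shows only that something sent new traffic to the port; confirm on the host before treating it as infected.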

Systems that are affected by this program may appear to run slower than usual. This may be caused by the remote user's activities on the affected system. The additional programs may also take up most of the computer's local disk space. This worm application may easily spread to other computers. An infected system that is connected to other computers through a single network may be infected with the program.