Simile (computer virus)
Simile | |
---|---|
Alias | Etap, MetaPHOR |
Type | Computer virus |
Technical details | |
Platform | Microsoft Windows |
Win32/Simile (also known as Etap and MetaPHOR) is a metamorphic computer virus written in assembly language for Microsoft Windows.[1] Its most recent version was released in early March 2002. It was written by the virus writer "Mental Driller". Some of his previous viruses, such as Win95/Drill (which used the TUAREG polymorphic engine), have proved very challenging to detect.
When the virus is first executed, it checks the current date. If the host file (the file that is infected with the virus) imports the file User32.dll, then on 17 March, June, September, or December, a message is displayed. Depending on the version of the virus, the case of each letter in the text is altered randomly. On 14 May (the anniversary of
The virus then rebuilds itself. This metamorphic process is very complex and accounts for around 90% of the virus' code. After the rebuild, the virus searches for executable files in folders on all fixed and remote drives. Files will not be infected if they are located in a
See also
- Metamorphic code
- ZMist
- Self-modifying code
- Strange loop
- Polymorphic code
- Timeline of computer viruses and worms
References
- "W32/Etap-A". Sophos. Retrieved 17 February 2013.
- "Virus.Wind32.Etap". SecureList. Retrieved 17 February 2013.