Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Bombtrack


Aliases:


Bombtrack
Gennops

Malware
Virus
W32

Summary

BombTrack, a heavily armoured polymorphic virus, was distributed in BBS systems in the spring of 1994. It was hidden within the player for an erotic animation. Bombtrack is a memory-resident COM and EXE infector, about 2400 bytes long. It allocates 6 kB of DOS memory at runtime and infects executables when they are run. The virus achieves polymorphism by using variable decryptors buried in long runs of non-significant instructions. The virus uses a lot of anti-debugging tricks to prevent disassembly.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Before infection, the virus erases the MSAV and CPAV checksum files. It also carefully avoids infecting popular anti-virus scanners.

The virus contains several bugs. Some variants are not able to reproduce reliably and are, from a virocentric point of view, an evolutionary dead end. The activation routine is supposed to create a directory structure called "\BOMBTRA.CK\NEVER"ne". However, this operation is rather poorly implemented and almost always causes severe file system corruption.

The virus will sometimes infect an executable and fail to modify its entry point. Such files, at first sight similar to successfully infected ones, are not functional since the viral code never gets the chance to be executed. Finally, the virus doesn't take great care of the target's memory requirements: an infected COM file can grow to more than 64 KB and an infected EXE can grow larger than the memory it allocates. Such files are, unable to execute properly.

Bombtrack was the first Belgian polymorphic virus.


Variant:Bombtrack.B

Slightly modified variant.





Technical Details: Pierre Vandevenne, DataRescue sprl, Belgium



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.