

Swamp


Aliases:


Swamp

Malware

W32

Summary

This is not a virus, but a hoax which was originally distributed on April Fools' Day in 1996. Ignore it.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Here's the original hoax:

---HOAX MESSAGE STARTS---

SWAMP VIRUS

Synopsis

A new extremely threatening virus has been discovered. Its key features are

  • it is a hardware based virus
  • it can be transmitted over any communications network
  • it does not require executable code to travel
  • it is a targetable virus i.e. the virus can be set to target a particular PC or group of PCs
  • it is immune to existing anti-virus software

Introduction

This is a brief paper summarising what is known about the new virus. Techniques for preventing infection are proposed.

Virus Description

The new virus has become known as the Swamp Virus. Its official reference number is 01/0496.

Type

The Swamp Virus is a hardware based virus. It attacks the internal hardware of the PC causing electrical problems. These in turn cause software problems rendering the PC completely unusable. In many cases the PC will become usable again once it has got over the "attack"; in others the PC is effectively destroyed.

Transport

The Swamp Virus can only be transmitted directly over the Internet or other communications network. It does not have to be executable code; it can be carried on any data stream whatsoever. It cannot be conducted from PC to PC via floppy disk.

Technique

It works by utilising TCP/IP, the communications and internetworking protocols, at a very low level. Indeed it is attached to data streams at the bit level.

Background

Experts in many countries have been working on ways to improve the carrying capacity, or bandwidth, of existing networks using techniques such as multiplexing. Scientists from the Avril Institute in Bern, Switzerland, have developed a technique whereby a small number of molecules of various substances can be attached to data at the bit level. Their goal is to cease using the bit as a data item and to use it merely as a carrier for the data. The data is physically mapped onto the molecules using the protons and electrons, the neutrons and neutrinos being used for control information and parity checking. Use of this technique will expand the capacity of a network by the data capacity of the molecules. The data carrying capacity of the bit will depend on the size of the attached molecules. The only identified drawback with this development is that a high speed communications link is required. This is because the molecules must remain in a gaseous state to stay attached to the bit. To remain in this state they require the friction - and consequent heat - developed by the high speed link. As soon as the friction and heat are removed the molecules condense and lose their data carrying capacity as well as their attachment to the bit.

Impact

This technological advance has been seized upon by an Anarchist Hacker Group - the April I Group. They have stolen equipment from the Avril Institute and have been using it to attach water molecules in a gaseous form to the bit streams generated by TCP/IP when sending emails. As soon as the email is received by your PC it loses the friction from the high speed link and the water molecules condense within the data bus on the motherboard.

This causes electrical problems, and, in the case of large emails, total destruction of the motherboard due to "swamping".

Risk

It is believed that the April I Hacker Group are planning to flood the Internet with vast quantities of email messages during the early part of April with particular emphasis being placed on the 1st - the anniversary of the day their self-appointed leader was arrested and charged with breaking out of a secure Government computer system.

Protection

It is strongly recommended that you do not receive any email on that day. This will provide 100% protection for your PC. Unfortunately, however, it is thought that many of the hundreds of mail servers on the Internet may suffer damage as your email messages are held by them pending retrieval. As your messages will be held on disk, the absence of friction over the communications network will cause the water molecules to condense from their gaseous form, damaging the motherboards on the mail servers.

Emails received after this date will be quite safe as the attached water molecules will have already condensed from the email bit stream.

Further information can be obtained from Professor P. Ranque at the Avril Institute. Email p_ranque@avril.fuel.edu

---HOAX MESSAGE ENDS---





Description Created: Mikko Hypponen, F-Secure


