Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

Arcticbomb

From Malware Wiki
Jump to: navigation, search
Arcticbomb
File:ArcticPrePayload.png
TypeTrojan
Date1999
PlatformMicrosoft Windows (9x Series)
File Type*Win32 PE executable (.EXE)
Alias(es)*ArcticBomb
This box: view  talk  edit

Win32.Arcticbomb is a highly destructive trojan which runs on Microsoft Windows. This trojan is in a form of an executable with an image of an ignited stick of dynamite as its icon. It delivers the payload within 5 seconds when it is run.

The trojan works on Windows 9x (95, 98, and ME) only, while on NT versions (like NT 4.0, 2000, and XP) of Windows no effect will be taken.

Payload

Once executed, Arcticbomb deletes any and all files found on all local drives. This is carried out extremely fast, and the user has no time to save any of their data before it is destroyed.

This activity often happens so fast that it consumes the computer's memory output, resulting in an empty error message in Windows 3.1's White Box of Doom's style to appear (due to the loss of the fonts), notifying that the memory has been completely used up.

The trojan also scrambles the sectors. As a result, the user has no choice other than formatting and reinstalling the operating system.

Media

  • Analysis video by danooct1: youtube.com/watch?v=Ig4Kao2xGLA

zh:Arcticbomb