Name:  Troj/Simpsons
Aliases:  QDEL109, BAT/Simpson.Trojan, SIMPSONS.BAT, SIMPSONS.EXE, Simpsons.Trojan, Trojan.BAT.Simpsons
Variants:  
Type:  Trojan
Status:  in the wild
Threat:  low
Sensible Security does not consider this Trojan to be a network threat although it has been found in the wild. The following has been derived from information provided by Symantec, Network Associates and Sophos.
Virus Characteristics
Troj/Simpsons is a self-extracting ZIP file called SIMPSONS.EXE, which contains the files SIMPSONS.BAT and SIMPSONS.BMP. The file icon has been altered so that it looks like an installation package. When the executable file is run, it extracts the files and automatically runs SIMPSONS.BAT, which attempts to delete all files from drives A: to D: using the DELTREE command. The Trojan depends on the DELTREE command existing on a drive; if it does not, the Trojan will not launch. If the DELTREE command is deleted during the execution of the Trojan, the Trojan will be unable to delete any further drives. During execution an MS-DOS window appears and shows the Trojan deleting all files on each drive.
SIMPSONS.BMP is not a bitmap image but a valid ZIP archive file containing the files README.TXT, FILE_ID.DIZ and SAMPLE.EXE. These files are not viral or malicious.
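A triage sketch for the layout described above, added here as an example and not taken from the vendors' analyses: it flags a file whose extension disagrees with its leading bytes (as SIMPSONS.BMP does) and a batch file that invokes DELTREE, looking inside self-extracting and nested ZIP data. The function names, finding labels, size limit and the inert sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

EXPECTED_MAGIC = {".bmp": b"BM", ".zip": b"PK\x03\x04"}  # small illustrative map
# DELTREE used as a command at the start of a batch line (optional leading @).
DELTREE_RE = re.compile(rb"^[ \t]*@?[ \t]*deltree(\.exe)?\b", re.I | re.M)
MAX_MEMBER = 10 * 1024 * 1024  # do not unpack members larger than this

def triage(name, data, depth=0, findings=None):
    """Collect (path, finding) pairs for one file and any ZIP data it carries."""
    findings = [] if findings is None else findings
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    magic = EXPECTED_MAGIC.get(ext)
    if magic and not data.startswith(magic):
        findings.append((name, "extension-magic-mismatch"))
    if ext in (".bat", ".cmd") and DELTREE_RE.search(data):
        findings.append((name, "batch-invokes-deltree"))
    if depth >= 3:  # stop descending into deeply nested archives
        return findings
    try:
        # zipfile reads the central directory from the end, so EXE stub + ZIP opens too.
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.file_size > MAX_MEMBER:
                findings.append((path, "member-too-large"))
            else:
                triage(path, zf.read(info), depth + 1, findings)
    return findings

def make_zip(members, stub=b""):  # a non-empty stub imitates a self-extractor
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return stub + buf.getvalue()

# Constructed sample mirroring the layout described above; contents are inert.
fake_bmp = make_zip({"README.TXT": b"text", "FILE_ID.DIZ": b"text", "SAMPLE.EXE": b"MZ"})
fake_bat = b"@echo off\r\nREM constructed line, no real target\r\ndeltree PLACEHOLDER\r\n"
fake_sfx = make_zip({"SIMPSONS.BAT": fake_bat, "SIMPSONS.BMP": fake_bmp}, stub=b"MZ" + b"\0" * 62)

if __name__ == "__main__":
    for path, finding in triage("SIMPSONS.EXE", fake_sfx):
        print(f"{finding:26} {path}")
```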
The payload does not function on standard Windows NT and Windows 2000 installations because DELTREE.EXE is not available.