[ISN] Online Game Spreads PC Virus

From: mea culpa (jerichoat_private)
Date: Wed Sep 02 1998 - 18:55:26 PDT

  • Next message: mea culpa: "[ISN] 6,000 Hackers Stumped in Efforts to Break Into Hungarian Web Site"

    Forwarded From: phreak moi <hackereliteat_private>
    Online Game Spreads PC Virus
    (08/27/98; 8:19 p.m. ET)
    By John Borland, TechWeb
    Electronic Arts' Origin gaming division launched a splashy new marketing
    campaign Thursday, offering free Web downloads of a much-anticipated
    sequel to its Wing Commander series. 
    Problem was, the first copies of the game posted were infected with a
    Users who downloaded the game and tried to install it infected their
    computers with a variant of the same virus that struck hundreds of
    computers yesterday. Called one of the most damaging viruses in years by
    some researchers, the W95.CIH virus activates on the 26th of the month,
    wiping out some computers' flash memory. "It's what we call a fast
    infector," said Carey Nachenberg, chief researcher at Symantec's
    anti-virus research center. Once resident in a computer's memory, the
    virus will quickly spread to any executable file that is opened, copied,
    or accessed in any other way, he added. 
    This quick-contagion power can make the virus difficult to uproot,
    Nachenberg said. Using any of the major virus-scanning software will
    actually spread the virus to each program as it is scanned. 
    The virus surfaced several months ago, but did little damage during
    previous months, researchers said. This month, however, virus-control
    centers reported possibly thousands of computers affected, with up to 500
    machines at a single location infected. 
    Some users who downloaded the Wing Commander software Thursday said their
    computers were rendered temporarily unusable after they inadvertently
    loaded the virus. 
    Infected computers can be cleaned by restarting from a clean boot disk,
    Nachenberg said. Symantec also provides a free "Kill CIH" file on its
    website that can be used with any major virus-cleaning software. The file
    will disable the CIH virus's replication powers, and let the virus-scan
    program work without reinfecting files. 
    Origin posted an apology on its website Thursday afternoon, saying the
    infected files had been available on its servers for more than two hours.
    The files were taken down and replaced with clean files by midafternoon,
    the company said. Origin officials could not be reached for comment by
    press time. No information was available on how many computers had been
    infected by the download. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:02 PDT