[ISN] Online Game Spreads PC Virus

From: mea culpa (jerichoat_private)
Date: Wed Sep 02 1998 - 18:55:26 PDT

Next message: mea culpa: "[ISN] 6,000 Hackers Stumped in Efforts to Break Into Hungarian Web Site"

Previous message: mea culpa: "[ISN] SANS Shadow IDS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: phreak moi <hackereliteat_private>

http://www.techweb.com/infoseek/wire/story/TWB19980827S0011
Online Game Spreads PC Virus
(08/27/98; 8:19 p.m. ET)
By John Borland, TechWeb

Electronic Arts' Origin gaming division launched a splashy new marketing
campaign Thursday, offering free Web downloads of a much-anticipated
sequel to its Wing Commander series. 

Problem was, the first copies of the game posted were infected with a
virus. 

Users who downloaded the game and tried to install it infected their
computers with a variant of the same virus that struck hundreds of
computers yesterday. Called one of the most damaging viruses in years by
some researchers, the W95.CIH virus activates on the 26th of the month,
wiping out some computers' flash memory. "It's what we call a fast
infector," said Carey Nachenberg, chief researcher at Symantec's
anti-virus research center. Once resident in a computer's memory, the
virus will quickly spread to any executable file that is opened, copied,
or accessed in any other way, he added. 

This quick-contagion power can make the virus difficult to uproot,
Nachenberg said. Using any of the major virus-scanning software will
actually spread the virus to each program as it is scanned. 

The virus surfaced several months ago, but did little damage during
previous months, researchers said. This month, however, virus-control
centers reported possibly thousands of computers affected, with up to 500
machines at a single location infected. 

Some users who downloaded the Wing Commander software Thursday said their
computers were rendered temporarily unusable after they inadvertently
loaded the virus. 

Infected computers can be cleaned by restarting from a clean boot disk,
Nachenberg said. Symantec also provides a free "Kill CIH" file on its
website that can be used with any major virus-cleaning software. The file
will disable the CIH virus's replication powers, and let the virus-scan
program work without reinfecting files. 

Origin posted an apology on its website Thursday afternoon, saying the
infected files had been available on its servers for more than two hours.
The files were taken down and replaced with clean files by midafternoon,
the company said. Origin officials could not be reached for comment by
press time. No information was available on how many computers had been
infected by the download. 

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

Next message: mea culpa: "[ISN] 6,000 Hackers Stumped in Efforts to Break Into Hungarian Web Site"
Previous message: mea culpa: "[ISN] SANS Shadow IDS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:02 PDT