[ISN] CIH virus to hit April 26th. Infecting tens of thousands

From: cult hero (jerichoat_private)
Date: Thu Apr 22 1999 - 17:08:03 PDT

  • Next message: cult hero: "[ISN] How to fight a cyberwar"

    Forwarded From: Erik Parker <netmaskat_private>
    2:30 p.m.  22.Apr.99.PDT
    The havoc caused by the Melissa computer virus is tame compared with the
    destruction expected to strike on 26 April.
    The CIH virus is believed to be the first virus to attack a PC's BIOS
    (basic input/output system), the built-in program that helps a machine
    boot. The virus can overwrite hard drives, and because it has a long
    incubation period it is now believed to be widely distributed.
    "It's the most destructive [code] out there," said Roger Thompson,
    technical director of malicious code research at ICSA, an independent
    security assurance service that certifies antivirus software.
    "I think it's pretty bloody important," Thompson said. "We never release
    warnings about viruses because we don't want to hype them, but we issued a
    release about this one."
    Affecting Windows 95, 98, and NT machines, the virus first appeared last
    spring. Since then, it has spread widely, hidden in software installers on
    CD-ROMs and floppy disks, in email attachments, and in infected software
    shared by computer users, Thompson said.
    The virus is a Windows executable, or .exe, file that, when launched, sits
    dormant on an infected machine until it drops its "payload." That's
    expected to happen on Monday.
    The payload may overwrite the system's hard drive, erasing everything on
    it. The virus may also attack the portion of the machine's BIOS that
    affects the start-up sequence, making the computer unusable.
    However, due to the wide variety of different system designs, virus
    experts can only guess how many machines will be affected.
    Though the virus is not irreversible, experts said that resetting the BIOS
    is a major pain in the neck that's beyond the expertise of most computer
    dealers, let alone average users.
    "It's been out there spreading for some time now," said David Chess, a
    member of the researcher staff at IBM's High Integrity Computing Lab in
    the Thomas J. Watson Research Center. "It's reached the stage where it's
    In fact, the CIH virus was found on a batch of IBM Aptivas earlier this
    month, forcing Big Blue to issue a warning to thousands of customers.
    The CIH virus is version 1.2, a variant of the equally destructive
    Win95-CIH virus, which is timed to strike on the 26th of every month. 
    Described when it appeared last spring as the mother of all viruses
    because of its destructive behavior, the Win95-CIH virus failed to live up
    to the hype because of its relative rarity.
    ICSA's Thompson counseled users to leave email attachments unopened on
    Monday and to run an updated antivirus program. Because the virus has been
    in circulation for a long time, almost all antivirus software can detect
    In fact, Thompson said that CIH's impact may have already been lessened by
    users running antivirus software to check for Melissa.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:37 PDT