Forwarded From: Erik Parker <netmaskat_private>

http://www.wired.com/news/print_version/technology/story/19280.html?wnpg=all

2:30 p.m. 22.Apr.99.PDT

The havoc caused by the Melissa computer virus is tame compared with the destruction expected to strike on 26 April.

The CIH virus is believed to be the first virus to attack a PC's BIOS (basic input/output system), the built-in program that helps a machine boot. The virus can overwrite hard drives, and because it has a long incubation period it is now believed to be widely distributed.

"It's the most destructive [code] out there," said Roger Thompson, technical director of malicious code research at ICSA, an independent security assurance service that certifies antivirus software.

"I think it's pretty bloody important," Thompson said. "We never release warnings about viruses because we don't want to hype them, but we issued a release about this one."

Affecting Windows 95, 98, and NT machines, the virus first appeared last spring. Since then, it has spread widely, hidden in software installers on CD-ROMs and floppy disks, in email attachments, and in infected software shared by computer users, Thompson said.

The virus is a Windows executable, or .exe, file that, when launched, sits dormant on an infected machine until it drops its "payload." That's expected to happen on Monday.

The payload may overwrite the system's hard drive, erasing everything on it. The virus may also attack the portion of the machine's BIOS that affects the start-up sequence, making the computer unusable.

However, due to the wide variety of different system designs, virus experts can only guess how many machines will be affected.

Though the virus is not irreversible, experts said that resetting the BIOS is a major pain in the neck that's beyond the expertise of most computer dealers, let alone average users.

"It's been out there spreading for some time now," said David Chess, a member of the research staff at IBM's High Integrity Computing Lab in the Thomas J. Watson Research Center. "It's reached the stage where it's endemic."

In fact, the CIH virus was found on a batch of IBM Aptivas earlier this month, forcing Big Blue to issue a warning to thousands of customers.

The CIH virus is version 1.2, a variant of the equally destructive Win95-CIH virus, which is timed to strike on the 26th of every month.

Described when it appeared last spring as the mother of all viruses because of its destructive behavior, the Win95-CIH virus failed to live up to the hype because of its relative rarity.

ICSA's Thompson counseled users to leave email attachments unopened on Monday and to run an updated antivirus program. Because the virus has been in circulation for a long time, almost all antivirus software can detect it.

In fact, Thompson said that CIH's impact may have already been lessened by users running antivirus software to check for Melissa.