[ISN] Security firm warns of new Chernobyl

From: InfoSec News (isnat_private)
Date: Tue Dec 03 2002 - 01:36:32 PST

  • Next message: InfoSec News: "[ISN] Sybase patches three security holes"

    By Patrick Gray 
    Special to CNET News.com
    December 2, 2002
    Antivirus company Panda Software has detected a new strain of the
    W95/CIH10XX virus--commonly known the Chernobyl virus--which can be so
    damaging to some computers that it will render some BIOS chips, and
    even entire motherboards, unusable.
    Panda, which is based in Spain, somehow obtained a copy of the new
    strain, although it has not been seen "in the wild" or known to be
    starting to spread.
    The variant activates its payload on the second day of every month.  
    The original strain, first detected in 1998, activates its payload on
    April 26, the anniversary of the Chernobyl nuclear disaster.
    Another antivirus company, while acknowledging the dangers posed by
    infection, urged calm. Allan Bell, Network Associates' marketing
    director for the Asia-Pacific region, said that "unless the virus is
    being seen in the wild, there is a danger of crying wolf."
    Although this new virus is very dangerous, Bell said, "the risk factor
    for a virus must take into account its prevalence. This new variant of
    the Chernobyl virus does not appear to be in the wild and so the
    average user is not likely to encounter it."
    Encountering the Chernobyl virus is not a pleasant experience. Network
    Associates wrote an analysis of the original Chernobyl viruses in
    which the security firm describes the effect of the Chernobyl virus on
    the average system: "The viruses contain a very dangerous payload,
    whose trigger date depends on the variant. On this date, they attempt
    to overwrite the flash-BIOS. If the flash-BIOS is write-enabled (and
    this is the case in most modern computers with a flash-BIOS), this
    renders the machine unusable because it will no longer boot. At the
    same time, they also overwrite the hard disk with garbage."
    BIOS refers to a computer's basic input-output system.
    The virus affects computers with Microsoft's Windows 95, 98 and
    Millennium Edition operating systems.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 04:29:15 PST