http://news.com.com/2100-1001-975695.html?tag=fd_top By Patrick Gray Special to CNET News.com December 2, 2002 Antivirus company Panda Software has detected a new strain of the W95/CIH10XX virus--commonly known the Chernobyl virus--which can be so damaging to some computers that it will render some BIOS chips, and even entire motherboards, unusable. Panda, which is based in Spain, somehow obtained a copy of the new strain, although it has not been seen "in the wild" or known to be starting to spread. The variant activates its payload on the second day of every month. The original strain, first detected in 1998, activates its payload on April 26, the anniversary of the Chernobyl nuclear disaster. Another antivirus company, while acknowledging the dangers posed by infection, urged calm. Allan Bell, Network Associates' marketing director for the Asia-Pacific region, said that "unless the virus is being seen in the wild, there is a danger of crying wolf." Although this new virus is very dangerous, Bell said, "the risk factor for a virus must take into account its prevalence. This new variant of the Chernobyl virus does not appear to be in the wild and so the average user is not likely to encounter it." Encountering the Chernobyl virus is not a pleasant experience. Network Associates wrote an analysis of the original Chernobyl viruses in which the security firm describes the effect of the Chernobyl virus on the average system: "The viruses contain a very dangerous payload, whose trigger date depends on the variant. On this date, they attempt to overwrite the flash-BIOS. If the flash-BIOS is write-enabled (and this is the case in most modern computers with a flash-BIOS), this renders the machine unusable because it will no longer boot. At the same time, they also overwrite the hard disk with garbage." BIOS refers to a computer's basic input-output system. The virus affects computers with Microsoft's Windows 95, 98 and Millennium Edition operating systems. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 04:29:15 PST