ad info

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
Computing

From...

CIH virus causes little permanent damage

August 28, 1998
Web posted at: 9:30 AM EDT

by Tom Diederich

(IDG) -- A strain of the malicious CIH virus struck at least 750 Windows-based PCs in the U.S. yesterday, but one data recovery firm said that nearly all of the damage can be repaired in a vast majority of the cases.

The original CIH virus, PE_CIH Version 1.2, was first found in Asia on April 26 and has appeared in virtually every country since. The 26th of each month apparently is significant for the virus' creators, who designed PE_CIH Version 1.3 to execute on June 26 and -- for Version 1.4, dubbed Win95.CIH.1019 -- to come to life of the 26th of every month starting last month. All three variants have affected PCs running either Windows 95 or Windows 98 and were activated when users booted up their PCs.

The virus, in addition to attacking data on the hard drive, attempts to rewrite -- and therefore destroy -- a PC's flash BIOS ROM, said Stuart Hanley, vice president of worldwide operations at Ontrack Data International, Inc. in Minneapolis.

"This virus destroys the first megabyte of data on the drive -- the front end of the drive," Hanley said. "That's where critical structures reside, like the master boot record, partition information and the boot partition block. File allocation tables can also be wiped out."

But that data often can be recovered, Hanley added. "It's clear that in many cases, just about 100% of the data can be recovered."

MORE COMPUTING INTELLIGENCE
  IDG.net home page
  Computerworld's home page
  Computerworld "Emmerce"
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Questions about computers? Let IDG.net's editors help you
  Search IDG.net in 12 languages
  Subscribe to IDG.net's free daily newsletter for IT leaders
 News Radio
  Computerworld Minute
  Fusion audio primers
   

Hanley said his firm saw less than half a dozen PCs infected with Win95.CIH.1019 last month. He admitted that yesterday's attack caught him somewhat off guard.

"I was surprised when the calls started coming in around midday," he said. "To be honest, I didn't quite expect what we saw today." That may be because last month, the 26th fell on a Sunday. This month, the date fell on a Wednesday, a workday for most people and companies.

A Microsoft Corp. spokesman said the CIH virus infects executable files. He recommended that users use the latest versions of antivirus software and avoid opening attachments sent via E-mail from unknown sources.

Hanley agreed that prevention was key. He said the customers who called yesterday could have saved themselves time and money if they had used antivirus software. Of the 750 infected PCs seen yesterday, he said one firm had 500 units that had been crippled by CIH. Although he refused to name the firm or its location, he said that about 80% of its computers had been affected.

Ontrack has a remote data recovery service and four facilities in the U.S. where customers can take sick PCs for data repair -- provided that the computers' BIOS hasn't been affected. That was the case in 300 of the 750 units seen yesterday, Hanley said.

Home users can expect to pay between $400 and $1,100 for repair work, depending on the extent of the damage. Volume discounts are available for organizations, he added.

Igor Grebert, senior virus researcher at Trend Micro, Inc. in Cupertino, Calif., said CIH, like other notorious viruses, will soon be history. "I would expect that in the next few months, people will be protected and we won't hear of it again," he said.

"It's one of those nasty viruses that seems to be pretty successful. It's not a major infection, and it's not getting worse and worse, but it is spreading little by little."

Trend Micro has a free online service called HouseCall that will root out and kill CIH and other viruses, Grebert said.

Related stories:
Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

SEARCH CNN.com
Enter keyword(s)   go    help

  
 

Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.