CIH virus may hit on Monday
(IDG) -- A fiercely destructive virus that may already be sitting dormant in the memory of computer users' systems is expected to become active Monday, April 26.
The virus, which is called CIH 1.2 and infects Windows 95 and 98 .EXE files, is not nearly as prevalent or easy to spread as the recent Melissa virus, but is significantly more destructive to the computers it does infect because it goes directly to the hardware.
According to Steve Trilling, director of research at the Symantec Anti-Virus Research Center, the payload of CIH 1.2 "will not only delete programs from your hard drive, but it can over-write flash BIOS and totally destroy the motherboard."
Although CIH 1.2 is much more slow moving than the more common macro viruses, its threat is higher because it typically goes undetected, according to Sal Viveros, group marketing manager for Network Associates' Total Virus Defense product line.
CIH was first discovered in summer 1998 in the Far East, according to Symantec's Trilling, who explained that viruses tend to be most threatening within the first six months of release.
"Because CIH is now in its eighth month, the threat has been significantly reduced," Trilling said.
CIH, however, does have the strength to destroy the hard drives of infected computers when they are booted up on April 26. Some observers have speculated that the payload release date is designed to coincide with the 13th anniversary of the nuclear meltdown in Chernobyl.
According to Viveros of Network Associates, March's relatively benign Melissa may have been a blessing in disguise for U.S. computer users.
"Most U.S. users updated their anti-virus solutions because of Melissa, so they are safe," Viveros said.
All of the leading anti-virus products have been aware of CIH 1.2 since last summer, so people who have updated their systems since then will have the current fix for CIH 1.2 and should be safe, according to Viveros, who also remarked that the virus has been extremely prevalent in Asia.
Computer users who are unsure whether their systems may be carrying the CIH 1.2 virus, especially those who have not been updating their anti-virus systems regularly, should contact their anti-virus solution provider.
Symantec is offering a fix called Kill CIH that can be downloaded from www.symantec.com (link below). Fixes are also available from Sophos, Network Associates, and others.
One Microsoft representative said the software company's products had no particular vulnerabilities to the CIH virus, and updated versions of Windows-based anti-virus software should keep Windows clean of it.
"It can run Windows 95 and Windows 98," the representative said. "The virus payload cannot run on NT systems. It could infect, but not run on, NT."
To Windows users, Microsoft recommended standard virus protection measures -- using up-to-date scanning software, employing code-signing safeguards, and not accepting floppy disks or executables from unknown sources.
Emily Fitzloff is an InfoWorld senior writer.
Some Aptivas shipped with CIH virus
RELATED IDG.net STORIES:
CIH virus dangerous, but easy to avoid
Symantec's Kill CIH fix
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.