advertising information

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

CIH virus may hit on Monday

April 23, 1999
Web posted at: 2:43 p.m. EDT (1843 GMT)

by Emily Fitzloff

From...
InfoWorld
computer virus graphic

INTERACTIVE

Are you protected against the CIH 1.2 virus?

Yes No
View Results

 ALSO
   Network Associates ranks virus threats

   Sign up for the Computer Connection email service

   For more computing stories

  

(IDG) -- A fiercely destructive virus that may already be sitting dormant in the memory of computer users' systems is expected to become active Monday, April 26.

The virus, which is called CIH 1.2 and infects Windows 95 and 98 .EXE files, is not nearly as prevalent or easy to spread as the recent Melissa virus, but is significantly more destructive to the computers it does infect because it goes directly to the hardware.

According to Steve Trilling, director of research at the Symantec Anti-Virus Research Center, the payload of CIH 1.2 "will not only delete programs from your hard drive, but it can over-write flash BIOS and totally destroy the motherboard."

Although CIH 1.2 is much more slow moving than the more common macro viruses, its threat is higher because it typically goes undetected, according to Sal Viveros, group marketing manager for Network Associates' Total Virus Defense product line.

CIH was first discovered in summer 1998 in the Far East, according to Symantec's Trilling, who explained that viruses tend to be most threatening within the first six months of release.

"Because CIH is now in its eighth month, the threat has been significantly reduced," Trilling said.

CIH, however, does have the strength to destroy the hard drives of infected computers when they are booted up on April 26. Some observers have speculated that the payload release date is designed to coincide with the 13th anniversary of the nuclear meltdown in Chernobyl.

MORE COMPUTING INTELLIGENCE
  IDG.net home page
  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Search IDG.net in 12 languages
 News Radio
  Fusion audio primers
  Computerworld Minute
   

According to Viveros of Network Associates, March's relatively benign Melissa may have been a blessing in disguise for U.S. computer users.

"Most U.S. users updated their anti-virus solutions because of Melissa, so they are safe," Viveros said.

All of the leading anti-virus products have been aware of CIH 1.2 since last summer, so people who have updated their systems since then will have the current fix for CIH 1.2 and should be safe, according to Viveros, who also remarked that the virus has been extremely prevalent in Asia.

Computer users who are unsure whether their systems may be carrying the CIH 1.2 virus, especially those who have not been updating their anti-virus systems regularly, should contact their anti-virus solution provider.

Symantec is offering a fix called Kill CIH that can be downloaded from www.symantec.com (link below). Fixes are also available from Sophos, Network Associates, and others.

One Microsoft representative said the software company's products had no particular vulnerabilities to the CIH virus, and updated versions of Windows-based anti-virus software should keep Windows clean of it.

"It can run Windows 95 and Windows 98," the representative said. "The virus payload cannot run on NT systems. It could infect, but not run on, NT."

To Windows users, Microsoft recommended standard virus protection measures -- using up-to-date scanning software, employing code-signing safeguards, and not accepting floppy disks or executables from unknown sources.

Emily Fitzloff is an InfoWorld senior writer.


MESSAGE BOARD:
"Chernobyl" virus

RELATED STORIES:
Some Aptivas shipped with CIH virus
April 8, 1999
Massive e-mail virus outbreak spreads like wildfire
March 29, 1999
How to prepare yourself for the CIH 1.2 virus
March 12, 1999
CIH virus causes little permanent damage
August 28, 1998
Hardware-damaging virus is a worldwide problem
July 22, 1998

RELATED IDG.net STORIES:
CIH virus dangerous, but easy to avoid
(Computerworld)
Prepare yourself for the CIH 1.2 virus
(PC World Online)
Virucide!
(PC World Online)
Virus killers
(PC World Online)
Protect yourself from the next Melissa
(PC World Online)

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


RELATED SITES:
Symantec's Kill CIH fix
Network Associates Inc.
Sophos Plc

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.