Posted by Sandy FL on April 30, 1999 at 18:41:12:
CIH 1.2 virus threatens PC systems’
hardware
By Emily Fitzloff
InfoWorld Electric
Posted at 2:45 PM PT, Apr 23, 1999
The patience of IT managers and the strength of the security measures they
have put into practice will be sorely tested next week.
A fiercely destructive virus, that may already be sitting dormant in computer users’
systems, is expected to become active April 26.
The virus, which is called CIH 1.2 and infects Windows 95 and 98 .exe files, is not
nearly as prevalent nor as easily spread as the recent Melissa virus, but is significantly
more destructive because it goes directly to the hardware.
Steve Trilling, director of research at the Symantec AntiVirus Research Center, said the
payload of CIH 1.2 “will not only delete programs from your hard drive, but it can
overwrite flash BIOS and totally destroy the motherboard.”
Although CIH 1.2 is much slower than most macro viruses, its threat is greater because
it typically goes undetected, according to Sal Viveros, group marketing manager at
Network Associates’ Total Virus Defense product line.
CIH was first discovered in summer 1998 in the Far East, according to Symantec’s
Trilling, who explained that viruses tend to be most threatening within the first six months
of release.
“Because CIH is now in its eighth month, the threat has been significantly reduced,”
Trilling said.
CIH, however, can destroy the hard drives of infected computers when they are booted
up on April 26. Some observers have speculated that the payload release date is
designed to coincide with the 13th anniversary of the nuclear meltdown in Chernobyl.
According to Viveros, the relatively benign Melissa virus, which struck in March, may
have been a blessing-in-disguise for users.
“Most U.S. users updated their antivirus solutions because of Melissa,” Viveros said.
All of the leading antivirus products have been aware of CIH 1.2 since summer 1998, so
people who have updated their systems since then will have the current fix for CIH 1.2
and should be safe, according to Viveros, who also remarked that the virus has been
extremely prevalent in Asia.
Computer users who are unsure if their systems are carrying the CIH 1.2 virus,
especially those who have not been updating their antivirus systems on a regular basis,
are urged to contact their antivirus solution provider.
Symantec is offering a fix called Kill CIH that can be downloaded from
www.symantec.com/avcenter. Sophos, Network Associates, and others are also
offering fixes.
A Microsoft representative said the company’s products had no particular vulnerabilities
to the CIH virus, and added that updated versions of the Windows-based antivirus
software should keep Windows systems secure.
“[CIH 1.2] can run on Windows 95 and Windows 98,” the representative said. “The
virus payload cannot run on NT systems. It could infect, but not run on NT.”
Symantec Corp., in Santa Monica, Calif., is at www.symantec.com. Network
Associates Inc., in Santa Clara, Calif., is at www.nai.com. Sophos, in Woburn, Mass.,
is at www.sophos.com.