[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Security firm warns of new Chernobyl


By Patrick Gray 
Special to CNET News.com
December 2, 2002

Antivirus company Panda Software has detected a new strain of the
W95/CIH10XX virus--commonly known the Chernobyl virus--which can be so
damaging to some computers that it will render some BIOS chips, and
even entire motherboards, unusable.

Panda, which is based in Spain, somehow obtained a copy of the new
strain, although it has not been seen "in the wild" or known to be
starting to spread.

The variant activates its payload on the second day of every month.  
The original strain, first detected in 1998, activates its payload on
April 26, the anniversary of the Chernobyl nuclear disaster.

Another antivirus company, while acknowledging the dangers posed by
infection, urged calm. Allan Bell, Network Associates' marketing
director for the Asia-Pacific region, said that "unless the virus is
being seen in the wild, there is a danger of crying wolf."

Although this new virus is very dangerous, Bell said, "the risk factor
for a virus must take into account its prevalence. This new variant of
the Chernobyl virus does not appear to be in the wild and so the
average user is not likely to encounter it."

Encountering the Chernobyl virus is not a pleasant experience. Network
Associates wrote an analysis of the original Chernobyl viruses in
which the security firm describes the effect of the Chernobyl virus on
the average system: "The viruses contain a very dangerous payload,
whose trigger date depends on the variant. On this date, they attempt
to overwrite the flash-BIOS. If the flash-BIOS is write-enabled (and
this is the case in most modern computers with a flash-BIOS), this
renders the machine unusable because it will no longer boot. At the
same time, they also overwrite the hard disk with garbage."

BIOS refers to a computer's basic input-output system.

The virus affects computers with Microsoft's Windows 95, 98 and
Millennium Edition operating systems.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.