By Mitch Wagner ,
Anti-virus experts Tuesday said they've received only isolated reports of attacks of the insidious new CIH virus. The virus, which makes PCs unusable on a hardware level, was scheduled to go off on Sunday.
"We've had two reports of the virus -- of people finding it on their hard disk -- and zero reports of any damage," said Carey Nachenberg, chief researcher at the Symantec Anti-Virus Research Center. Symantec makes the Norton AntiVirus program.
The virus -- also known as Win 95/CIH,
Win 95.CIH, and W32.CIH.Spacefiller -- is
scheduled to strike on the 26th of every
month. It will scramble the data on the
beginning sectors of a PC hard disk,
making the disk unbootable and
unreadable until the damage is repaired.
On some types of PCs, the virus also will
scramble the basic input/output system located in flash
memory, making the PC unbootable and
requiring the chip to be reprogrammed
using an Erasable Programmable ROM (EPROM) burner. Since most
users don't have access to an EPROM
burner, they need to replace the chip
or, in some cases, where the chip is
soldered to the motherboard, the entire
motherboard.
Because hardware vendors use different components, anti-virus experts were unable to say which brands and models of PCs were susceptible. The virus affects only Windows 95 and Windows 98.
The latest updates of most anti-virus scanners, such as Network Associates' VirusScan and Symantec's Norton AntiVirus, will find and correct the virus on damaged PCs. Also, Network Associates and iRiS Software are offering free programs that will scan hard disks and disinfect for the CIH virus. Nick FitzGerald, editor of The Virus Bulletin magazine, said there have been several dozen unconfirmed reports on Usenet newsgroups of the virus striking.
"There seem to be a lot of individual people saying they have it and want to know how to get rid of it. It's very hard to find out how authentic they are," FitzGerald said.
Vincent Gulato, manager of McAfee Labs for Network Associates, said that reports of infections are widespread, but his company has received no actual reports of damage caused by the virus.
Anti-virus researchers explained the lack of damage caused by the virus was due to the fact it hit on Sunday, when most machines aren't used. However, one variant of the virus is set to go off on the 26th of every month, meaning that August could be more dangerous, since Aug. 26 is a Wednesday. David Chess, an anti-virus researcher at the IBM Watson Research Center, said the virus is mostly found among users who use pirated software -- so-called "warez." Moreover, he said, most of the users infected with the virus have caught a variant that strikes only on April 26.
Anti-virus researchers said the public has been panicked about the virus far out of proportion to its actual likelihood of doing damage.
"I don't want people to forget about viruses, but on the other hand I don't want them to think that any individual virus is going to destroy the world," Chess said. "It's not any individual virus, it's all the viruses taken together that create problems," he said.
"One news report called it 'the mother of all viruses,' " Gulato said. "I wouldn't call it 'the mother of all viruses.' "
One user wrote to InternetWeek saying her local news had instructed her not to turn on her PC on Sunday.
Try TechWeb's RSS Feed!ACCO Brands Corp seeking Director of New Product Development in Lincolnshire, IL
Transportation Security Administration seeking Chief Information Officer in Arlington, VA
Hebrew SeniorLife seeking Business Systems Analyst in Boston, MA
Trilogy Leasing seeking General Manager in Cranbury, NJ
UVIMCO seeking Senior Information Technology Leader in Charlottesville, VA
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
