[WinMac] Virii on Windows
Marc Bizer (mlbizer[at]mail.utexas.edu)
Thu, 23 Jul 1998 22:10:56 +0200
Hi everyone,
I just received the following message from the Univ. of Texas
administration. Frankly, it makes me glad to use a Mac. But I wonder at the
maliciousness of those who would conceive of such a virus.
--Marc
This June, a new virus called "Win32/CIH" or "PE_CIH" first
appeared, and it has now been discovered on campus machines. The
virus infects Windows 95 and Windows 98 executable files (PE
format), but NOT Windows NT or any Macintosh computer.
Win32/CIH viruses can split up the body of the virus code and place
it within unused parts of the infected file. The viruses contain
highly destructive code, which triggers on the 26th of any month.
On the 26th (this Sunday is 26 July), the virus code attempts to
overwrite the flash-BIOS in infected machines. If the flash-BIOS is
write-enabled, and most modern computers have a writable flash-BIOS,
the overwriting renders the machine UNUSABLE because it will no
longer boot. Any hardware damage caused by the virus is not covered
under manufacturer's warranties. At the same time, the disk
partition information is destroyed.
The Win32/CIH virus was triggered in a test using a Windows
95 system. After the computer's date rolled over to 26 July, all
disk partitioning information was lost, leaving the system
unbootable and the data unrecoverable. No known tools are
available to help save lost work, but analysts are searching.
This virus has been discovered on computers in several campus labs,
including the Windows 95 systems in the Student Microcomputer
Facility. If you have used a diskette on one of these systems and
then used it elsewhere, you may have spread the virus. Of course, it
is always possible that you picked up the virus elsewhere. Testing
your system may be prudent.
What Can You Do?
NOTE: If you do not have time to disinfect your machine before
Sunday, 26 July, you should shut your system down on the 25th and
not use it again until the 27th. This virus can be very
devastating and ALL precautions should be taken to avoid it. Do NOT
turn on an untested machine any time during the 26th.
DETECTION --
To detect the virus, you should immediately run a virus detection
program that scans for the CIH virus. If your detection software
will not run BECAUSE of the virus (and we have found a case of that
for the Dr. Solomon's software), you must boot your system with a
clean boot disk containing the disinfecting software.
* Windows-MacOS Cooperation List *
* FAQ: <http://www.darryl.com/winmacfaq/> *
* Archives: <http://www.darryl.com/winmac/> *
* Subscribe: <mailto:winmac-on@xerxes.frit.utexas.edu> *
* Subscribe Digest: <mailto:winmac-digest@xerxes.frit.utexas.edu> *
* Unsubscribe: <mailto:winmac-off@xerxes.frit.utexas.edu> *
This archive was generated by hypermail 2.0b2
on Thu Jul 23 1998 - 13:14:23 PDT
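
Added example (not part of the original message or the University's advisory): the advisory says the virus places its code in unused parts of a PE file, so this sketch reads the PE section table and reports how much file padding each section has and how many bytes in it are non-zero. The function names and the sample image are constructed for illustration. Non-zero padding is a lead for further inspection, not a CIH signature and not proof of infection.

```python
import struct

def section_slack(pe: bytes):
    """For each PE section, return (name, slack_len, nonzero_count), where slack
    is the file padding between VirtualSize and SizeOfRawData."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)      # offset of PE header
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsec,) = struct.unpack_from("<H", pe, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                      # first section header
    results = []
    for i in range(nsec):
        off = table + 40 * i                              # 40-byte section headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _rva, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        slack = pe[rptr + vsize:rptr + rsize] if rsize > vsize else b""
        results.append((name, len(slack), sum(1 for b in slack if b)))
    return results

def build_sample(padding: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped image: one .text section with 0x200 bytes
    on disk of which 0x120 are used, leaving 0xE0 bytes of padding."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x10F)
    opt = b"\0" * 0xE0                                    # optional header, zeroed
    sec = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x120, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sec).ljust(0x200, b"\0")
    body = b"\x01" * 0x120 + padding.ljust(0xE0, b"\0")   # filler, then padding
    return headers + body

if __name__ == "__main__":
    for label, img in (("zero padding", build_sample()),
                       ("data in padding", build_sample(b"\xAA" * 16))):
        for name, slack_len, nonzero in section_slack(img):
            print(f"{label}: {name} slack={slack_len} nonzero={nonzero}")
```
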