Virus attacks boot files, destroying start-up routines.
Sophos is warning Windows 95 and Windows 98 users of a new
virus, known as CIH, which has the capacity to overwrite system
start-up routines, as well as wiping data on hard disks. The virus
attacks the BIOS, needed to boot up the computer, something which
no previous virus has managed to do.
The attack comes in two parts, the first and most dangerous
being that on the BIOS. The virus overwrites the start-up
mechanism, having first bypassed safety features which prevent
unintentional loss of data. This makes the computer unbootable
until the chip is replaced. The second attack overwrites data on
the hard disk of the machine.
"The attack on the BIOS has been tried before, but without
success," said Paul Ducklin, Head of Research at Sophos. "The fact
that this attack is coupled with the more usual characteristic of
data loss makes this virus doubly destructive. Any machine attacked
will both cease to function and lose its data. For the first time,
we have a virus with side-effects that can only be cured by
physically opening the computer and replacing a component."
The virus infects EXE files in Windows 95 and Windows 98. The
trigger date is April 26th, though there are variants which trigger
on June 26th, and on the 26th of any month.
"Attacked computers can be repaired," said Paul Wilson, Sophos
Technical Support Manager. "Additionally, some computers can be
configured to be physically secure against this sort of attack,
though they are usually shipped with such protection disabled,
presumably for reasons of convenience."