In this section

• Home
• Press office
• News archive
• Articles
• 1998
• 06

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

30 June 1998

Sophos warns of new PC paralyser

Virus attacks boot files, destroying start-up routines.

Sophos is warning Windows 95 and Windows 98 users of a new virus, known as CIH, which has the capacity to overwrite system start-up routines, as well as wiping data on hard disks. The virus attacks the BIOS, needed to boot up the computer, something which no previous virus has managed to do.

The attack comes in two parts, the first and most dangerous being that on the BIOS. The virus overwrites the start-up mechanism, having first bypassed safety features which prevent unintentional loss of data. This makes the computer unbootable until the chip is replaced. The second attack overwrites data on the hard disk of the machine.

"The attack on the BIOS has been tried before, but without success," said Paul Ducklin, Head of Research at Sophos. "The fact that this attack is coupled with the more usual characteristic of data loss makes this virus doubly destructive. Any machine attacked will both cease to function and lose its data. For the first time, we have a virus with side-effects that can only be cured by physically opening the computer and replacing a component."

The virus infects EXE files in Windows 95 and Windows 98. The trigger date is April 26th, though there are variants which trigger on June 26th, and on the 26th of any month.

"Attacked computers can be repaired," said Paul Wilson, Sophos Technical Support Manager. "Additionally, some computers can be configured to be physically secure against this sort of attack, though they are usually shipped with such protection disabled, presumably for reasons of convenience."

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com