Kaspersky Lab, the leader in antivirus protection systems, sounds alarm on possible infections, caused by new clones of Win95.CIH virus (also known as "Chernobyl"). The virus is well known for its rapid propagation and destructive power.

It has been recently revealed that the source code of the virus was published in Internet, including the algorithm used to wipe out Flash BIOS and hard disk data. This means that any hacker may now apply the CIH source to write his own virus with the same destructive features. Hardly there is a need to detalize the potential danger of such viruses. The recent burst of CIH activity this April, which drove hundreds of thousands of computers worldwide out of operation, is an obvious example of the threat.

Surely, it did not take much time for virus writers to make use of the free code. Another CIH-like virus, named "Emperor", has been already detected in Spain. It is a resident virus which infects COM and EXE files in DOS file system, the main boot sector of the hard disk and boot sectors of floppy disks. The virus applies state-of-the-art algorithms to infect files and pass by the anti-viral protection. It has been revealed by Kaspersky Lab experts that the code of Flash BIOS erasing procedure is virtually identical to that of CIH virus. Thus, the new virus is characterized by the same destructive power as the original one.

Fortunately, the new virus has plenty of bugs, which make it viability rather low. Thus the probability of large-scale Emperor infection is virtually vanishing. Yet the fact of application of CIH procedures in this virus is dangerous symptom by itself. It means that computer underground has already added CIH technologies to its armoury, and the appearance of new generation of CIH-like viruses is more than likely in the very nearest future.

Kaspersky Lab recommends all users to put Flash BIOS switches into read-only position. It also announces that corresponding procedures for detection and elimination of Emperor have already been added to anti-viral database of its AntiViral Tookit Pro (AVP) family of products.

Detail information on the new Emperor virus is available on-line in AVP Virus Encyclopedia at http://wwwviruslist.com.

Source: InfoArt News Agency

Is this material of interest to you?    Yes;   Partly;   No;   Comments:

---