Trend Micro Discovers Malicious Virus Targeted At Windows 98; Trend Micro Offers Free HouseCall Service to Combat the Virus, Which is Triggered to Attack Desktops On Friday, June 26.CUPERTINO, Calif.---(BUSINESS WIRE)--June 25, 1998--Trend Micro, the leader in centrally managed virus protection, today announced the discovery of PE_CIHV1.x, a new computer virus capable of infecting within the Windows 95 and 98 operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. . Two variants of the virus, PE_CIHV1.3 and 1.4, are triggered to destroy and reformat (1) To change the record layout of a file or database. (2) To initialize a disk over again. hard drives on Friday, June 26, one day after Windows 98 ships. (A full description of the virus is below). PE_CIHV1.x, now "in the wild" and spreading through China, Taiwan, Hong Kong Hong Kong (hŏng kŏng), Mandarin Xianggang, special administrative region of China, formerly a British crown colony (2005 est. pop. 6,899,000), land area 422 sq mi (1,092 sq km), adjacent to Guangdong prov. , Russia and Europe, is capable of destroying valuable data within milliseconds. Because the virus attacks executable (EXE Exe (ĕks), river, c.55 mi (90 km) long, rising in the Exmoor, Somerset, SW England, and flowing S across the Cornwall peninsula, past Exeter to the English Channel at Exmouth. ) files, it is most commonly spread on CDs, floppy disks or as an embedded part of a software program. It can also be transmitted as an e-mail attachment A file that rides along with an e-mail message. The attached file can be of any type. E-mail programs make it easy to attach a file. For example, in Eudora, all you do is select Attach from the Message menu, browse through the folder hierarchy to find the file you want and then double in an executable file See executable code. . Once an infected file is run, any other Windows executable file that is run becomes infected. To help prevent the virus from spreading through the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , Trend Micro has updated HouseCall(tm), its free online virus-scanning service. With HouseCall, concerned Windows users can reassure themselves that the virus is not in their system before upgrading to Windows 98. HouseCall can be found at http://housecall.antivirus.com. If an infected file is found, users can choose to clean or delete the infected file. "Unlike most viruses, PE_CIHV1.x has a destructive payload and, because it is memory-resident, is able to propagate quickly," said Igor Grebert, senior virus researcher. "Trend Micro's quick discovery of this potentially destructive virus in Taiwan demonstrates how important it is to have an extensive team of virus experts, as Trend Micro does, operating on a global scale. Trend Micro's virus researchers found this virus quickly, analyzed it and immediately provided protection to all Windows users through our innovative HouseCall service." About Trend Micro Trend Micro provides centrally controlled server-based virus protection. By protecting information that flows through file servers, e-mail servers and Internet gateways, Trend Micro lets major companies worldwide stop viruses from a central point before they ever reach the desktop. Trend Micro's award-winning products have been chosen by Hewlett-Packard, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , Lotus Softswitch, Microsoft, Netscape, Oracle, Sun Microsystems Sun Microsystems, Inc. (NASDAQ: JAVA[3]) is an American vendor of computers, computer components, computer software, and information-technology services, founded on 24 February 1982. , Wingra and WorldTalk as a key part of their server security solutions. Trend Micro is privately held and based in Cupertino, Calif., with offices worldwide. Evaluation copies of all of Trend Micro's products may be downloaded from its award-winning site, http://www.antivirus.com. Web site visitors may also test-drive products online through Trend Micro's Virtual Lab. -0-
Recent Trend Micro Awards:
- 1998 -- OfficeScan for Microsoft Small Business Server:
Recommended by Computer Reseller News/Spring COMDEX Test Center
- 1998 -- ServerProtect: Five Palm Award, Beverly Hills Software
- 1998 -- ScanMail for Lotus Notes: Gold Editors' Choice Security
Award, Lotus Notes and Domino Advisor
- 1997 -- ScanMail for Lotus Notes 1.0: Best of Test Center Award,
InfoWorld
- 1997 -- HouseCall: Best of the Web, HomePC
- 1997 -- InterScan E-Mail VirusWall, Editors' Choice for Internet
E-mail Gateway Antivirus, PC Magazine
Note to Editors: InterScan VirusWall, ScanMail and ServerProtect
are registered trademarks of Trend Micro Inc. HouseCall, MacroTrap,
OfficeScan, Trend VCS and Virtual Lab are trademarks of Trend Micro
Inc. Other product and company names may be registered trademarks or
trademarks of their respective companies.
Trend Micro Inc.
PE_CIH Virus Technical Information
Virus Name: PE_CIHV1.2
Alias: None
Virus Type: Windows Executable file
Platform: Windows 95 and Windows 98
Encrypted: No encryption
Virus Length: About 1 kilobyte
File Length after infection: 0 bytes. This is due to the slack
space, which exists within 32-bit
files.
Variants: PE_CIHV1.3, PE_CIHV1.4
Place of Origin: Taiwan
Destructive: Yes
Trigger Date: The 26th of some or any months
depending on the variant
Password: No
Seen in the Wild: Yes
-0- Description PE_CIHV1.2 is a destructive, 32-bit file infecting virus (EXE only), which will infect within Windows 95 and 98 executable files. When the virus infects, it inserts itself into the free space at the end of a PE (portable executable The Portable Executable (PE) format is a file format for executables, object code, and DLLs, used in 32-bit and 64-bit versions of Windows operating systems. The term "portable" refers to the format's portability across all 32-bit (and by extension 64-bit) Windows operating ) file. File growth after the file has infected is not noticeable. After the virus is triggered, it goes resident in memory and hooks the IFS (Installable File System A file system that can be added to an operating system that is designed to handle multiple file systems. Multiple file systems allow different types of file structures to be accessed. See IFSMgr. ) giving it the capability to infect any PE type files. Depending on the variant, the virus adds the following string of code within an infected 32-bit file: "CIH CIH Chartered Institute of Housing (UK) CIH Certified Industrial Hygienist (ABIH) CIH Constant Image Height CIH Camshaft in Head (engine) CIH Chen Ing-Hau v1.2 TTIT TTIT Tissue Thromboplastin Inhibition Test TTIT Turbocharger Turbine Inlet Temperature " "CIH v1.3 TTIT" "CIH v1.4 TATUNG" Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking. files cannot become infected by PE_CIHV1.2 due to the virus use of a VxD programming technique when it goes resident in memory. Currently, the VxD technique is only available within Windows 95 and 98. It is therefore impossible for the virus to replicate or destroy data within a Windows NT environment. The PE_CIHV1.2 is destructive and will reformat hard drives on the following dates (depends on variant): CIH v1.2: April 26 CIH v1.3: June 26 CIH v1.4: 26th of every month If a hard drive is reformatted by the PE_CIHV1.2 virus, the following message will appear on the screen when the system is rebooted: "DISK BOOT FAILURE The inability to locate and/or read the operating system from the designated disk. , INSERT SYSTEM DISK AND PRESS ENTER." If users attempt to boot from drive A and try to change to drive C, the user will see the following message: "Invalid drive specification A DOS error message. If you get this message on a valid drive such as C:, it may mean that your hard disk has become corrupted. ." Concerned Windows customers can use Trend Micro's free online service, HouseCall, to reassure themselves that the virus is not in their system. The HouseCall service can be found at http://housecall.antivirus.com. If an infected file is found, users can choose to clean or delete the infected file. For more information regarding this virus, users can contact Trend Micro's Virus Doctors at 800/288-5654 or send e-mail to virus_doctor@trendmicro.com. CONTACT: Schwartz Communications Inc. Christine Brodeur or Jason Throckmorton, 415/512-0770 cbrodeur@schwartz-pr.com jasont@schwartz-pr.com |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion