Jan 22

W95.CIH

By admin
Add comments
Virus
 
8 views

Name W95.CIH
Type ,
Affected Windows 98, Windows 95, Windows Me
Risk Level 2: Low
Discovered June 1, 1998
Update April 25, 2002 2:39:44 PM
Length
Info W95.CIH, also commonly referred to as Chernobyl, is a destructive parasitic . It remains memory resident and infects other exe files when they are opened.

Due to decreased submissions, Symantec Security Response has downgraded this threat level to 2 from 3 as of March 30, 2004.

The CIH , also known as Chernobyl, was first discovered in June 1998 in Taiwan. According to the Taipei authorities, Chen Ing-hau wrote the CIH . The name of the derived from his initials.

CIH is a destructive with a payload that destroys data. On April 26, 1999, the payload triggered for the first time, causing many computer users to lose their data. In Korea, it was estimated that as many as one million computers were affected, resulting in more than $250 million in damages.

Although the is rather old, Symantec still believes the is in the wild and may cause damage to computer users who use outdated definitions, or who do not use antivirus software.
Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 1000
  • Number of Sites: 10
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: High
  • Payload Trigger: W95.CIH V1.2 and V1.3 (April 26), W95.CIH V1.4 (26th of any month)
  • Payload: Destroys data and causes possible damage to CMOS

Distribution

  • Distribution Level: Medium
Writeup By: Motoaki Yamamura
Details >W95.CIH
convert this post to pdf. Tags: ,

Related Virus

"Free Scan W95.CIH

Print This Virus article Print This Virus article

This entry was posted on Tuesday, January 22nd, 2008 at 3:27 am and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

You must be logged in to post a comment.