Security firm warns of Chernobyl resurrection

Panda Software, a European antivirus company, has detected a new strain of the devastating Chernobyl virus.
Written by Patrick Gray, Contributor
Panda Software, a European antivirus company, has detected a new strain of the devastating W95/CIH10XX virus--commonly known the Chernobyl virus--which can be so damaging to some computers that it will render some BIOS chips and even entire motherboards, unusable.

Panda somehow obtained a copy of the new strain, although it is not been seen "in the wild" or known to be starting to spread.

The variant activates its payload on the 2nd of every month. The original strain, first detected in 1998, activates its payload on the 26th of April, the date of the Chernobyl nuclear disaster.

Another antivirus company, while acknowledging the dangers posed by infection, urged calm. Allan Bell, marketing director, Asia-Pacific of Network Associates says that "...unless the virus is being seen in the wild there is a danger of crying wolf.’"

Bell says that although this new virus is very dangerous "...the risk factor for a virus must take into account its prevalence. This new variant of the Chernobyl virus does not appear to be in the wild and so the average user is not likely to encounter it."

"Encountering" the Chernobyl virus is not a pleasant experience. Network Associates wrote an analysis of the original Chernobyl viruses in which they describe the effect of the Chernobyl virus on the average system:

"The viruses contain a very dangerous payload, whose trigger date depends on the variant. On this date, they attempt to overwrite the flash-BIOS. If the flash-BIOS is write-enabled (and this is the case in most modern computers with a flash-BIOS) this renders the machine unusable because it will no longer boot. At the same time, they also overwrite the hard disk with garbage," Network Associates said.

The virus affects Windows 95/98/ME systems.

Editorial standards