US Report: Gamers believe Activision's 'SiN' carries CIH virus

For weeks now, Activision has been trying to tempt hard-core gamers to its newest release -- a shoot-'em-up action thriller called SiN -- with this tagline: "Sinday, Bloody, Sinday."

But that bit of advertising copy took on a whole new meaning on Sunday when some of those who'd downloaded a demo of the SiN game discovered that their hard drives had been reformatted by the hellish -- and by now infamous -- CIH virus.

While the official download sites at Activision and CNet's GameCenter were pronounced virus-free on Monday, Activision's SiN demo remained the No. 1 suspect as the carrier of the virus. More than likely, the demo became infected before being mirrored at one of the secondary sites. "People who downloaded the demo immediately were the ones who found themselves infected," said Chris Oltyan, Webmaster for the College Online Gaming Association. As of Monday afternoon, Oltyan said eight to nine victims had identified themselves to him.

One well-known gaming news site, Blue's News delayed posting a list of mirror sites for SiN because its Webmaster claimed to be "getting tons of mail with virus reports".

Several other incidents involving the so-called CIH virus were reported on Monday, the day after the virus was triggered to strike. When triggered, the virus reformats any connected hard drive and, on susceptible computers, also erases the system's BIOS chip -- essentially making the computer "forget" its internal language. Activision's quality control group was scrambling on Monday to get to the root of the incident.

According to the company, the game demo was packaged as a self-extracting ZIP file -- a compressed file that decompresses automatically. If so, the virus could not have casually infected the files, said Jim Summers, vice president of quality control for Activision. "Someone would have had to uncompress the files, infect them, and then ZIP the application back up," he said. "For someone to do that in time for people to get the virus on Sunday would be difficult."

Not so, said anti-virus researcher Igor Grebert, a senior researcher with Trend Micro, an anti-virus software company in the US. "A CRC (cyclic redundancy check - used to check integrity of a disk) check would be done on the inside of the file, but the virus appends itself to the ZIP wrapper, not the EXE," he said. "So it could be possible to accidentally infect the file." Nevertheless, Summers still contends his Activision is the victim of guilt by association. Because the demo was released on Sunday and the virus was timed to go off on Sunday, the two were linked in many people's minds.

This was not the case with recordable CD maker Yamaha Systems Technology in the US. The company admitted it had accidentally posted an infected firmware upgrade for its CDR400 recordable CD peripheral.

According to a company statement, it had originally checked the firmware with a virus scanner created before July 15 -- and found the firmware clean. Only after complaints started to pour in did the company update its anti-virus utility.

It's unknown how many people were affected by Yamaha's infected firmware. Company representatives were not available for comment.

PC Lab technicians have checked several FTP sites hosting the SiN demo, including Activision, CNet, and, all of which were found virus-free. Activision is not the "Internet entertainment company" previously reported by ZDNN as having found the virus in their offices. That report was unrelated to this incident.

UK Comment: ZDNet UK News spoke to Activision's spokesman in the UK who advised gamers to only download the SiN demo from either the Activision or Ritual sites.