US Report: Lack of vigilance could cause virus outbreak

D-Day for the destructive CIH virus has come and gone with few reported incidents of infection.
Written by ZDNet UK, Contributor

Yet, far from being a time to relax, experts warn that complacent corporate security could mean the next attack, or the next virus, could easily turn into an epidemic.

"I think that it is going to take a super-incident -- a Mount St. Helens of the computer industry -- before the corporations will get on board and check software prior to shipping it," said Rob Rosenberger, virus expert and Webmaster for the Computer Virus Myths Homepage.

Rosenberger's comments came on the eve of the last day that CIH was scheduled to trigger -- Sept. 26. On the 26th of every month, the Windows 95 and 98 computer virus -- also known as Win95.CIH and PE_CIH1.4 -- reformats infected hard drives and, on certain computers, destroys the system's core command set.

Despite the danger, many companies have been lax about protecting against this particular digital flu.

"By comparison, shareware is much safer," he said, adding that sites distributing shareware are much more responsible about keeping up-to-date on virus developments.

"Companies just don't learn," said Igor Grebert, senior researcher for anti-virus software maker Trend Micro Inc. The software maker was the first to report that the CIH virus had "gone into the wild," or was spreading uncontrollably, in June 1998.

The wild, viral Internet

In early March 1992, despite the hype surrounding the Michelangelo virus, Intel Corp. (Nasdaq:INTC) managed to send almost 840 copies its LanSpool utility to customers infected with Michelangelo.

Add to that the incredible speed of the Internet and you have a recipe for disaster.

Back in July, Mplayer.com had Quake II update files infected with CIH on its site for about four hours. Number of customers infected: As many as 1,500.

In August, one company had more than 80 percent, or about 500, of its computers fall victim to the virus, according to data recovery firm Ontrack Data International Inc. Trend Micro was contacted by another firm that found 700 infected PCs, 300 of which had their data corrupted by the virus.

Without a doubt, the actual number of companies affected is much greater than those reported. "The general population doesn't generally hear about the number of corporate infections," said Rosenberger.

CIH is a lion among lambs

While Grebert said CIH still has some life in it, he said corporate complacency is far more dangerous. "The software updates are out there, but companies are not using them or don't have full coverage for their systems," he said.

The silver lining to this particular dark cloud may be that most viruses are not destructive.

"CIH is different from the majority of viruses out there," said Rosenberger. "Which is why I am not all that worried -- there may be an outbreak, but if the virus is benign, it can be fixed."

Macro viruses are much more prevalent than, say, the CIH virus, but are much less destructive.

When CIH triggers, it erases the first 1 MB of the computer's hard drive. This essentially reformats the hard drive, since information on where files are located is usually stored in this area.

After that, the virus tries to erase the computer's core command set, or BIOS. Only a few motherboards are actually susceptible to this attack, according to a description of the virus created by the Symantec (Nasdaq:SYMC) Anti-virus Research Center, so most users need only worry about lost data.

Worth a pound of cure

An ounce of prevention is by far the best course. Firms distributing software -- especially over the Internet -- need to check it with an up-to-date virus scanner.

And users shouldn't accept software from companies at face value. "Microsoft has done it. Intel has done it. All the major companies have shipped a virus in software," said Rosenberger.

His prescription: Be prepared and scan frequently.

Editorial standards