
Press Release : MyCERT MIMOS Comments on the CIH/Chernobyl June 26 Virus
Original Issue Date: 25th June 1999

Q: Will there be another attack of CIH virus this June 26th?

There are a number of variants of the CIH virus. Among the "deadly" variants are CIH.1003 and CIH.1010A (will trigger only on April 26th) and CIH.1010.B (will trigger only on June 26th). Another, less severe variant of CIH strikes on the 26th day of every month. Thus we suspect that any PC infected with this virus may be vulnerable to the attack this June 26th. This virus does not target any specific year.

Q: Have there been any reports in past years of this virus attack?

In MyCERT's experience, we have only received reports of infection during the attack on April 26th. We expect the June 26th attack can be as severe as, or even worse than, what was experienced on April 26th. These virus variants have been mentioned in previous advisories.

Q: How severe will the attack be on the June 26 CIH variant?

There may be a recently released new variant that is more severe than the April 26 variant; MyCERT is still trying to obtain a sample of it. We will come out with more FAQs on recovery steps as soon as we identify the behavior of the virus. However, if there are no new variants, the effect will be the same as that of the variant that strikes every April 26th. Thus the advisories released by the CERT Coordination Center are applicable. We encourage users to visit our advisories page frequently for updates.
http://mycert.mimos.my/back.html

Q: Will there be widespread effect?

We do not expect a widespread effect among organizations like the one seen last April 26, since June 26 will be a public holiday in Malaysia. However, home PCs may still be affected.

Q: Is there any advice for the general Internet users in Malaysia?

"Always ensure you have your antivirus software running, scan every file that is to be stored or executed on your PCs. You should not depend on periodic alerts to update your lists. There are hundreds of viruses a week and thousands of viruses in a month. Thus the update must be done regularly." For those who have not taken precautionary action to prevent virus infection, it is advisable either not to boot up your PC or to change the date of your PC to June 27, 1999 as a temporary solution.

More information is available at
http://www.mycert.mimos.my



GENERAL VIRUS INFORMATION AND CIH VIRUS

Q: How can a virus infect a PC?

There are a few ways a virus can be installed on a PC:

  • Via infected floppy disks
  • Via infected file attachments that are sent via e-mail
  • Via infected files downloaded or transferred from the Internet or from any other servers

Q: How can we avoid computer virus infection?

To avoid infection by computer viruses, a few standard practices need to be carried out:

  • Update the virus definitions on the antivirus software regularly.
  • Ensure the auto-protect agent is running on every PC at all times.
  • Plug-in browsers MUST be enabled to prevent virus infection via emails and Internet downloads.
  • Scan every file that is to be stored or executed on a PC.
  • Do not share your harddisks with FULL access, instead provide only READ access.
  • Run an antivirus with harddisk partitioning back-up feature.
  • Regularly back up all critical documents.

Q: What happens when a PC gets infected with the CIH virus?

There are a few versions of the CIH virus with various degrees of impact. At the minimum, it will infect the program files and thus prevent the programs from executing correctly (e.g. the PC will not be able to boot up). In the most severe cases, the virus will erase all data on the harddisk, or remove partitions on the harddisk, thus making it impossible to retrieve any data from the harddisk.

Q: What types of operating systems are vulnerable to CIH virus infection?

Only Windows 95, Windows 98 and Windows NT are vulnerable to CIH infection. The virus is capable of both infecting and executing on the Windows 95 and Windows 98 platforms, while on the Windows NT platform it is only capable of infecting the harddisks.

Q: How do we recover an infected PC?

The recovery steps depend on the degree of impact. The minimum requirement would be to boot the PC from a floppy or external disk and run a scanner to detect and clean the harddisk of any infected files. The most severe effect would require the harddisk to be reformatted (losing all data) and may require BIOS chip replacement.

More information on the CIH virus is available at:
http://www.cert.org/incident_notes/IN-99-03.html
http://www.mycert.mimos.my/back.htm



Last Update April 19, 2001