This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

VIRUS ALERT - vide



A potentially nasty virus is in V IDE executables contained in zip files
down loaded from www.gnu.ai.mit.edu link from www.objectcentral.com .  If
you execute any of the files on the 26th, the virus will strike.  It garbles
both the (flash) boot rom and the HD.   See full description below.


Network Associates Virus Scan 4.0.3a reports Virus Win95/CIH.1003 in the
following files:

vide-win.zip
*	vide.exe

win-utils.zip
*	make.exe
*	tar.exe
*	cp.exe
*	touch.exe


			
	Virus Name
Win95/CIH.1003 
Date Added
9/7/99 
Virus Characteristics
This family of viruses, written in South-East Asia, first appeared in June
1998. Currently there are three known variants; and at least two of these
have been found `in the wild'. The viruses infect Windows 95 files in PE
format. 
Win32/CIH viruses are able to split up the body of the virus code and place
it within unused parts of the infected file (PE files usually contain lots
of unused space). 
The viruses contain a very dangerous payload, which triggers on the 26th of
any month. On this date, they attempt to overwrite the flash-BIOS. If the
flash-BIOS is write-enabled (and this is the case in most modern computers
with a flash-BIOS) this renders the machine unusable because it will no
longer boot. At the same time, they also overwrite the hard disk with
garbage. 
The viruses contain the following (unencrypted) strings:
.a variant: CIH v1.2 TTIT, .EXE

Indications Of Infection
EXE files of the PE (Portable Executable) format.
Method Of Infection
The only way to infect a computer with a file infecting virus is to execute
an infected file on the computer. The infected file may come from a
multitude of sources including: floppy diskettes, downloads through an
online service, network, etc. Once the infected file is executed, the virus
may activate.
Virus Information				
		Discovery Date:	7/1/98		
		Type:	Win32		
		Risk Assessment:	medium		
	Variants
Unknown 
Aliases
Win32/CIH, W32/CIH.Spacefiller 				
			
			
			
			


	----------
	From:  Bruce Wampler[SMTP:bruce@objectcentral.com]
	Sent:  Monday, August 16, 1999 6:25 PM
	To:  cygwin newsgroup
	Subject:  Re: GNU C++ Tutorial

	bruc-@objectcentral.com wrote: 
	original article:http://www.egroups.com/group/gnu-win32/?start=15988
	> I need a soon as posible a GNU C++ Tutorial.
	> Thanks !!!
	> 

	I don't know of any GNU C++ specific tutorials, but
	I have collected the best free C++ references
	available on the net in one place, all packaged
	for easy reference. Several GNU GCC specific
	documents are included. Please see:

	   http://www.objectcentral.com/vide/help/vhelp.htm

	This package is online, or you can download the
	whole thing.

	--------------------------------------------------

	[Sorry if this got into the group twice. I've been
	using the e-groups interface, and I got a message
	that this message bounced because e-groups had
	addressed it to gnu-win32@cygnus.com instead of
	cygwin@sourceware.cygnus.com. Perhaps someone
	needs to update the info at e-groups. I find it
	much easier to read this group via e-groups over
	getting my mail box full of all the messages.]
	-- 

	Bruce E. Wampler, Ph.D.

	Author of the V C++ GUI Framework

	e-mail: mailto:bruce@objectcentral.com
	web:    http://www.objectcentral.com

	--
	Want to unsubscribe from this list?
	Send a message to cygwin-unsubscribe@sourceware.cygnus.com
	

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]