CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Tech Industry

Christmas virus designed to hit Windows

Computer security experts discover a new virus that is designed to damage Windows-based personal computers on Christmas Day.

Computer security experts have discovered a new virus that is designed to damage Windows-based personal computers on Christmas Day.

The virus, however, has not yet been detected in the "wild," or outside the laboratory setting, prompting most security experts to consider it as a "low to medium" danger threat.

Privately held antivirus companies Central Command and Kaspersky Lab have named the new virus Win32.Kriz.9862 and said that it contains an even deadlier payload than the Chernobyl virus that brought down thousands of computers in Asia this spring.

"This is a nasty virus, but there are no indications that it has spread," said Roger Thompson, technical director of malicious code research at ICSA, a trade group for computer security makers. "I see nothing in this virus that makes it hard to detect so I expect everyone will have a patch for it within a few days."

Thompson also said that since the virus is set to come alive on December 25, there is still time to get prepared.

But Keith Peer, president of Central Command, noted that security experts knew about the Chernobyl virus in advance, but the malicious code still managed to crash more than 300,000 computers in Asia.

"The problem is that if a virus like this gets out into the wild, there are vast amounts of computer users that don't use virus protection or don't update their programs regularly," said Peer. "This can be very devastating."

Central Command said the virus is a memory-resident Windows virus which will replicate itself on Windows 95, Windows 98, and Windows NT systems, infecting Windows programs with EXE (executable) and SCR (screen savers) filename extensions. It also infects Windows KERNEL32.DLL system library that allows the virus to stay in the computer's memory during the entire Windows session.

Central Command said the Win32.Kriz.3862 virus, on December 25, 1999, will erase the CMOS memory, overwrite data in all files on all available drives, and then destroy the Flash BIOS by using the same routine that was found in the Win95.CIH virus, also known as the Chernobyl virus.

"It tries to damage the hardware by doing a [Chernobyl] type trick by trying to override the Flash BIOS," said Thompson.

He said that because Flash BIOS are designed to be field upgradeable, it is possible for other software to write code into it. Thompson said: "If it manages to override the Flash BIOS, the computer is effectively dead till someone puts a new Flash BIOS in."