In our Security information for week 3 we warned about the dangerous CIH virus with payload 26 April. We now have some experience with what happened, and it must be said that the outcome was even worse than expected.

Reports vary from different parts of the world. USA does not seem to have been hit very hard compared to other countries (even though it is of course bad for those who were hit). According to the reports, some Asian countries on the other hand, were hit very badly. From both Turkey and South Korea the numbers of PCs hit have been around 300.000 in each country according to the news reports.

European countries in general seem to have been affected worse that the USA - head of support staff in Norman's Norwegian subsidiary tells that he has never experienced a virus attack with such grave and large consequences.

Virus control manufacturers and media warned about the virus well before 26 April. Unlike the Melissa virus which spread at Easter time and caused several e-mail servers to overload, the CIH virus is not a new virus, and users could have protected themselves against this attack.

The moral of this might be that it is not sufficient that a virus control product in itself is updated and detects the newest viruses. Security personnel in organizations as well as end users have to take an active part in protecting themselves. Virus control software should be installed on all PCs and - most important - the virus signature files must be updated by the newest versions on a regular basis.

Per Olav Førland