Some companies have warned about the virus Emperor.5826. These warnings have also reached the news, and the virus has even been said to represent a larger damaging potential than the CIH virus which destroyed a lot of PCs last month. See more about this in our Security issue for week 17.

The virus Emperor.5826 is a DOS virus which infects EXE and COM files as well as the boot sector. Being a DOS virus means that its spread potential is limited. It does not stand out from the gray mass of viruses in any other way than its destructivity, which it shares with W95/CIH, Clawfinger and a couple of others.

It is aggressive (and buggy) to such an extent that it will be detected early on in any case. Norman Virus Control already detects the virus dropper generically, and will detect the virus in natural infections from next def file release.

We have not had any reports of this being found in the wild and the chance for this is very unlikely. It is not deemed as any serious threat by Norman. One may be tempted to say that this is yet another virus hype, probably triggered by the real danger and damages caused by the Melissa and CIH viruses recently.

Norman will of course monitor the situation; in the off chance that we might be wrong about the danger it represent. More information will then be supplied.

Per Olav Førland