Chernobyl computer virus toll tops 540,000

Attention 281.COM customers:  Please call our office to have an Emergency Virus detection disk made for you to check your computer if you have been practicing "Unsafe Computing."  This is a free service for 281 Internet Customers if you provide a 3 1/2" Floppy disk.  Otherwise the charge is $2.00.

The destructive Chernobyl computer virus slammed South Korea and Turkey on Monday -- crashing more than half a million computers by reformatting hard drives and, in some cases, zapping a key chip on the computers' motherboards.

The virus, believed by antivirus software firms to have originated in Taiwan, infects computers running Windows 95 and 98 when a previously infected executable file -- one with the .EXE extension -- is run.

The virus activates only on specific dates. Two variants of the virus struck on Monday: The more widespread variant strikes every April 26, while the less common strain strikes on the 26th day of every month. The April variant is known as the Chernobyl virus because its activation date -- April 26 -- is the anniversary of the 1986 Chernobyl nuclear disaster in the former Soviet Union.

Both variants, and a third that strikes on June 26, were discovered in May 1998.

More malevolent than Melissa

While only scattered reports, possibly totaling 10,000 systems, were recorded in the United States, both the Korean and Turkish governments admitted to much more widespread infections.

In the Republic of Turkey, more than 300,000 computers were affected by the virus, said government officials on Tuesday, according to an Associate Press report. The virus hit computers in some private banks, police departments, an army school, an airport in Izmir on Turkey's Aegean coast and the state-owned TRT television.

The Republic of Korea was hit equally as hard -- with anywhere from a government-admitted 240,000 computers hit to an industry estimate of 600,000. The Korean Information and Communication Ministry said antivirus program developers received reports of infection from about 1,000 private companies, 200 government and public organizations and 300 universities. In addition, the Korean Supreme Court had to delay some rulings because evidence saved on computers was lost, said Susan Orbuch, spokeswoman for antivirus firm Trend Micro Inc., which has an office in Korea.

That makes the Chernobyl virus much more destructive than the Melissa virus, which infected over 100,000 computers in the United States at the end of March, said Rob Rosenberger, Web master of Computer Virus Myths Homepage.

"If these numbers are right, [Chernobyl] has broken the record for viruses," he said, adding that he had thought the Chernobyl outbreak would have been smaller. "With all of the updating out there for Melissa, these people somehow failed to protect themselves against [Chernobyl]."

Why Korea and Turkey?

Experts weren't sure why Korea and Turkey took the brunt of the outbreak.

One theory: The virus piggybacked on pirated software, common in countries outside the United States. In fact, Ted Loh, managing director of Thai system integrator Tygre Systems Co. Ltd., estimated that 20 percent of CD-ROMs in Thailand carry the Chernobyl virus.

Loh points to the pirated CD-ROMs as the No. 1 reason for the massive infection, which in Thailand could reach several thousand, he estimated. In addition, Asia was largely unaffected by the Melissa virus, preventing countries from preparing for a more serious virus outbreak.

With Melissa much more publicized in the United States, organizations updated their virus software and raised awareness of viruses in general.

"The Melissa virus was a very valuable wake-up call, especially in the United States where a lot of companies are dependent on Outlook and Microsoft Exchange," said Dan Schrader, director of product marketing for Trend Micro. "In updating for the Melissa virus, most American companies unwittingly protected themselves against [Chernobyl]."

U.S. mainly spared

Some U.S. universities and corporations reported tens, and occasionally, hundreds of cases, but for the most part, U.S. users were prepared for Chernobyl's activation day.

According to the CERT Coordination Center at Carnegie Mellon University, a total of 195 organizations have reported problems involving 2,023 computers. The majority of reports have been from home computer users and educational institutions, said Bill Pollak, spokesman for the center.

Among academic institutions, Notre Dame had at least 130 machines hit, Boston College students lost data on about 100 PCs, and several were downed at Vanderbilt. "[Chernobyl] did not have a negligible impact here," wrote Bob Zwaska with the Office of Information Technologies at Notre Dame in a Tuesday e-mail.

Several students lost term papers and final theses as the school year was coming to a close. "More people [need to] take the [Chernobyl] virus seriously," wrote a Notre Dame student, Brian Snyder, whose roommate's computer stopped working on Monday after being hit with the virus. "Especially on college campuses where file sharing is everywhere."

Reuters contributed to this report.