CIH (computer virus)
| CIH | |
|---|---|
Hex dump of CIH 1.2 | |
| Malware details | |
| Alias | Chernobyl Virus |
| Type | File-infecting virus |
| Isolation date | June 1998 |
| Origin | Taiwan |
| Author | Chen Ing-Hau |
CIH, also known as the Chernobyl virus, is a computer virus that targets computers running the Windows 9x family of operating systems. There are several variants, with different trigger dates that cause the virus to activate on different days, ranging from once a month to once a year. The most widespread variant first activated on April 26, 1999, causing widespread damage to hundreds of thousands of computers worldwide and resulting in hundreds of millions of dollars of losses. CIH is notorious for its destructive payload, which overwrites critical areas of a computer's hard drive, leaving the data inaccessible. On some systems, it also intentionally corrupts the system's flash BIOS firmware stored on the motherboard. This makes the computer unable to boot, leaving the computer unusable until the BIOS chip or the entire motherboard is replaced.
The spread of the virus was extremely destructive. CIH spread primarily through infected software distributed over the Internet and on physical media, including pirated programs, software updates, and cover CDs attached to computer magazines. It exposed both security weaknesses in the Windows 95 and Windows 98 operating systems and risky user practices, including the widespread use of pirated software and the storage of important data without backup copies. It is one of the first widely distributed computer viruses known to be capable of damaging system firmware.
CIH was created by Chen Ing-hau while he was a computer science student at the Tatung Institute of Technology in Taiwan. He placed his initials in a text string within the virus code, leading to the name of the virus. It was written and first discovered in 1998, and spreads by infecting Portable Executable (PE) files used by Windows programs. When an infected program is run, the virus becomes memory-resident and infects other executable programs on the system. In the aftermath of the damage caused by the virus, Chen was questioned and detained by law enforcement agencies, but ultimately was never criminally charged.