25 years ago, the devastating Chernobyl virus first struck. It attacked computers all over the world – Živě.cz


On Monday, April 26, 1999, the world first felt the power of a destructive virus labeled CIH. The public quickly renamed it Chernobyl, because it struck on the anniversary of the accident at the nuclear power plant of the same name. CIH is still among the most famous destructive viruses, thanks to the catchy nickname, the scale of the attack and the method used.

It was written by Taiwanese student Chen Jing-chao as a reaction to the arrogant behavior of anti-virus companies, which promised that their software would protect a computer perfectly. CIH was early proof that this was not the case. Many viruses of the time worked by inserting malicious code at the end of a file. That made the file bigger, however, and for the antivirus this was a signal that someone had changed the program. CIH instead filled in the unused gaps in the code and did not enlarge the modified file. For that reason it was also called Spacefiller. However, the nickname Chernobyl caught on better.

The virus attacked computers running Windows 95, 98 and Me. It did not work on older systems, nor on the NT family. It attacked on two levels. On the first, it was able to erase the first 1024 kB of the hard drive, overwriting with zeros the MBR, where the operating system bootloader and the disk partition table are located. A blue screen of death appeared after the infected computer started. But the data could be saved.
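As an added example (not part of the original article), this is how a responder could triage a disk image for the first-level damage described above. The function names and the sample sector are constructed for illustration, and the classic 512-byte MBR layout is assumed.

```python
import struct

SECTOR = 512  # classic MBR sector size

def leading_zero_bytes(image: bytes) -> int:
    """Length of the run of zero bytes at the start of the image."""
    return len(image) - len(image.lstrip(b"\x00"))

def triage_mbr(image: bytes) -> dict:
    """Classify sector 0: zeroed, no-boot-signature, empty-partition-table or ok."""
    if len(image) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = image[:SECTOR]
    if sector == bytes(SECTOR):
        return {"state": "zeroed", "partitions": []}
    if sector[510:512] != b"\x55\xaa":  # boot signature at the end of the sector
        return {"state": "no-boot-signature", "partitions": []}
    parts = []
    for slot in range(4):  # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * slot: 462 + 16 * slot]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0 marks an unused slot
            parts.append({"slot": slot, "bootable": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": n_sectors})
    state = "ok" if parts else "empty-partition-table"
    return {"state": state, "partitions": parts}

def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable FAT32 (type 0x0B) partition at LBA 63."""
    buf = bytearray(SECTOR)
    buf[0:3] = b"\xeb\x3c\x90"  # placeholder bytes standing in for boot code
    buf[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                               0x0B, b"\xfe\xff\xff", 63, 4192902)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

if __name__ == "__main__":
    healthy = build_sample_mbr()
    # Constructed "after" image: first 1024 kB zeroed, later data untouched.
    wiped = bytes(1024 * 1024) + b"user data beyond the wiped region"
    print(triage_mbr(healthy))
    print(triage_mbr(wiped), leading_zero_bytes(wiped))
```

A `zeroed` result together with a leading zero run of about 1024 kB matches the damage pattern in the article, and data found past that offset is what recovery tools can still work with.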

Computer hacked by CIH/Chernobyl


On the second level, it also overwrote the BIOS itself. This could effectively destroy the motherboard, or the board had to be repaired by replacing the chip that stored the BIOS. But the second level did not work everywhere, because the virus was not that sophisticated and only targeted a certain family of EEPROM chips. Motherboards of that time could also already have write protection. Nevertheless, CIH was demonstrably harmful.

It struck mainly in Asia, but according to Kaspersky Lab it was also detected in the USA, Australia and several countries in Europe, including neighboring Austria. The virus had been spreading since 1998, when Chen Jingchao released it. It then propagated between people using P2P networks. IBM inadvertently distributed it on some of its new computers, Yamaha bundled it with CD burner utility software, and so on.

The author himself later apologized and released an antivirus that removed CIH from computers. Historical sources state that it may have infected up to 60 million PCs. What is striking is that Chen Jingchao went unpunished. No affected company sued him at the time, and Taiwan did not yet have a law that covered this type of cybercrime.

CIH had several variants that attacked on different days or with a different frequency. Successors also appeared that were better able to hide from antivirus software and could theoretically do even more damage. We covered them in contemporary articles:
