The CIH (Chernobyl) Virus (1998)
First Detected: June 1998
Created By: Chen Ing-hau (Taiwanese student)
Operating Systems Targeted: Windows 95, 98, ME
Introduction
The CIH virus, also known as Chernobyl, was one of the most destructive computer viruses ever created. Unlike most viruses at the time, which primarily targeted files, CIH was capable of overwriting the system BIOS, rendering infected computers completely inoperable.
How It Worked
- CIH infected executable (.exe) files on Windows 95, 98, and ME systems.
- It remained dormant until its activation date, typically April 26 (the anniversary of the Chernobyl nuclear disaster).
- Once activated, it attempted to overwrite critical system files and erase the BIOS.
- In cases where the BIOS was wiped, the computer would fail to boot, sometimes requiring hardware replacement.
Impact & Significance
The virus caused widespread damage, particularly in Asia and Europe. It reportedly affected over 1 million computers, including government and business systems.
Since CIH could overwrite the BIOS, it was one of the first viruses capable of bricking computers permanently.
Key Lessons from the CIH Virus
- Demonstrated that software-based BIOS attacks were possible.
- Emphasized the need for regular system updates and secure file execution.
- Led to improved BIOS security and the adoption of modern firmware protections.
Modern Relevance
While CIH itself is no longer a threat, its techniques inspired modern attacks targeting firmware and low-level system functions.
Today's cybersecurity measures include UEFI security, BIOS protection, and secure boot mechanisms to prevent similar attacks.