
Otherwise known as Chernobyl or Spacefiller, CIH was a Microsoft Windows 9x computer virus. It first emerged by 1998 and was highly destructive to vulnerable systems. From overwriting critical information to infecting system drives, this was the next big splash of a virus after the Morris worm.
The virus was created by Chen Ing-hau, a student at Tatung University in Taiwan, who is the CEO and founder of 8tory (a Facebook memory app). At the time, the virus infected roughly sixty million computers internationally and resulted in $1 billion US in commercial damages.
According to Chen, the virus was written in response to bold claims from antivirus software developers about how effective their programs were. Once the virus had spread, thanks in part to some of his classmates, Chen apologized to the school and created an antivirus program himself to stop the CIH virus.
Similarly to the Morris worm incident, Chen wasn’t charged with anything because no victims came forward with a lawsuit. This event did, however, usher in new computer crime legislation in Taiwan.
So how did this virus get the aliases Chernobyl and Spacefiller? Well, for Chernobyl, the name was coined since people knew the virus as CIH during infection. But CIH was also a reference to the payload trigger date in some variants of this virus. This trigger date coincided with the Chernobyl disaster on April 26th.
The name Spacefiller came about because most viruses wrote their code to the end of the infected file. This means that when a virus like that infected a file, the file size would inflate dramatically, making it obvious that the file was infected.
CIH behaved differently in that it looked for gaps in the program code and wrote itself into those gaps. As a result, this didn’t increase file size and made it harder to spot the virus.
Getting into the specifics, the virus caused damage by hiding in the shadows and triggering on the aforementioned date.
First, the virus would overwrite the first megabyte of a hard drive with zeroes. This deleted the contents of the partition table, and users would see one of two things: the machine hanging on cue, or the blue screen of death.
It was this particular payload that caused so much disruption and damage. After all, in March 1999, thousands of IBM Aptivas were shipped with this virus, all conveniently one month away from when the virus would be activated.
On top of that, Yamaha shipped software updates on December 31st, 1999 with this virus too.
Because of those occurrences, there was a lot of damage done. Thankfully the author of the virus released a fix for this problem.
The same can’t be said, though, for other variants of this virus. While Chen isn’t behind any of the variants, they behave in a similar fashion, activating on the 26th of April. Some even activate on the 26th of any given month.
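The payload described above zeroes the first megabyte of the drive, which is why the partition table disappears. The following is an added example, not part of the original episode notes, of how a responder could triage a raw disk image for that damage; it assumes a classic MBR layout, and the function names and sample images are constructed for illustration.

```python
import struct

SECTOR = 512
MIB = 1024 * 1024
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def triage_first_mib(image: bytes) -> dict:
    """Inspect the first MiB of a raw disk image for signs of a zeroing payload."""
    head = image[:MIB]
    mbr = head[:SECTOR]
    complete = len(mbr) == SECTOR
    partitions = []
    if complete:
        # Four 16-byte partition entries start at offset 446 of sector 0.
        for i in range(4):
            status, ptype, lba, count = ENTRY.unpack_from(mbr, 446 + 16 * i)
            if ptype != 0:  # type 0 marks an unused slot
                partitions.append({"slot": i, "type": ptype, "lba_start": lba,
                                   "sectors": count, "bootable": status == 0x80})
    zeros = head.count(0)
    return {
        # The MBR boot signature is the last two bytes of sector 0.
        "boot_signature": complete and mbr[510:512] == b"\x55\xaa",
        "partitions": partitions,
        "fully_zeroed": bool(head) and zeros == len(head),
        "zero_fraction": zeros / len(head) if head else 0.0,
    }

def verdict(report: dict) -> str:
    """Turn the raw findings into a one-line triage result."""
    if report["fully_zeroed"]:
        return "first MiB zeroed: partition table gone, consistent with a wipe payload"
    if not report["boot_signature"] or not report["partitions"]:
        return "MBR damaged or not an MBR disk: investigate further"
    return "MBR and partition table present"

def sample_images() -> tuple:
    """Constructed inputs: a healthy image head and one with the first MiB zeroed."""
    mbr = bytearray(SECTOR)
    ENTRY.pack_into(mbr, 446, 0x80, 0x0B, 63, 2048000)  # one bootable FAT32 entry
    mbr[510:512] = b"\x55\xaa"
    healthy = bytes(mbr) + b"\xf6" * (MIB - SECTOR)  # filler standing in for data
    return healthy, bytes(MIB)

if __name__ == "__main__":
    for name, img in zip(("healthy", "wiped"), sample_images()):
        print(name, "->", verdict(triage_first_mib(img)))
```

Because only the first megabyte is zeroed, file data further into the disk is untouched, so a "fully zeroed" result on an image taken before any repair attempt points to partition recovery rather than full data loss.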