Advertisement

CIH virus

From Academic Kids

CIH, also known as Chernobyl or Spacefiller, is a computer virus written by Chen Ing Hau of Taiwan. It is considered to be one of the most harmful widely circulated viruses, destroying all information on users' systems and in some cases overwriting the system BIOS.

Contents

History

On September 1998, Yamaha shipped a firmware update to their CD-R400 Drives that was infected with the virus. On October 1998, a demo version of the Activision game SiN that was propagated by users got infected due to contact with an infected file on a certain user's machine. That company's infection came from a group of Aptiva PC's shipped by IBM during March 1999 with the CIH virus pre-installed. The computers were shipped around a month before the CIH payload activated for the first time in the public eye on April 26, 1999. This was a catastrophic event, and an untold number of computers worldwide were affected with the first 1024 KB of their boot drives being over-written with 0 and even having their BIOS damaged, preventing the computer from successfully completing the POST process. By April 26, 2000, much of the damage was happening in Asia, but the virus was not as widespread there. On March 2001, the Anjulie Worm was discovered. It drops CIH v1.2 into the system as part of its payload. Today, CIH is not as widespread as it once was due to awareness of the threat and the fact it only affects older Windows 9x operating systems.

The virus made another comeback in 2001 when a variant of the Loveletter Worm in a VBS file containing a dropper routine for the CIH virus was circulated around the internet, disguised as a nude picture of Jennifer Lopez.

A modified version of the virus called CIH.1106 was discovered in December 2002, but it is not a serious threat.

CIH is considered a threat only if it infects programs used by mass-mailing computer worms, such as Klez, or if the Anjulie Worm comes into play. However, CIH only works on Windows 95, 98, and Windows Me, greatly limiting its effects.

Virus specifics

CIH spreads under the Portable Executable file format under Windows 95, Windows 98, and Windows ME. CIH does not spread under Windows NT, Windows 2000, or Windows XP.

Due to the fact that CIH infects a Portable Executable file, it fills in the gaps of empty space commonly seen in PE files. Hence, that earned CIH another name, "Spacefiller". The size of the virus is 1 kilobyte, but files do not grow at all. It uses methods of jumping from processor ring 3 to 0 to hook system calls.

The payload, which is considered extremely dangerous, first involves the virus overwriting the first megabyte (1024KB) of the hard drive with zeroes, beginning at sector 0. This often deletes the contents of the partition table, and may cause the machine to hang.

The second payload tries to overwrite the Flash BIOS with junk also. This routine will work on machines based on the Intel 430TX chipset, provided that the protection jumper is turned off. The aforementioned chipset allows writing to the Flash BIOS by a computer program.

For the first payload, the hard disk can be sent to a company that can recover the data if it is extremely important, or in some cases the drives contents can be recovered using Fix CIH (http://www.grc.com/cih.htm), a freeware program by Steve Gibson. Otherwise, one should run FDISK and repartition and reformat the hard drive. However, if the second payload goes off without a hitch, the computer will not start at all. A technician is required to reprogram or replace the Flash BIOS chip.

CIH v1.2/CIH.1103

This variant is the most common one and activates on April 26. It contains the string: CIH v1.2 TTIT.

CIH v1.3/CIH.1010A and CIH1010.B

This variant also activates on June 26. It contains the string: CIH v1.3 TTIT.

CIH v1.4/CIH.1019

This variant acts on the 26th of any month. It is still in the wild, although it isn't that common. It contains the string: CIH v1.4 TATUNG.

CIH.1106

This is a minor, fairly recent variation that appeared on December 2002.

See also

External links

fr:Tchernobyl (virus) ja:チェルノブイリ (コンピュータウィルス) pt:Win32/cih zh:CIH病毒

Navigation

Academic Kids Menu

  • Art and Cultures
    • Art (http://www.academickids.com/encyclopedia/index.php/Art)
    • Architecture (http://www.academickids.com/encyclopedia/index.php/Architecture)
    • Cultures (http://www.academickids.com/encyclopedia/index.php/Cultures)
    • Music (http://www.academickids.com/encyclopedia/index.php/Music)
    • Musical Instruments (http://academickids.com/encyclopedia/index.php/List_of_musical_instruments)
  • Biographies (http://www.academickids.com/encyclopedia/index.php/Biographies)
  • Clipart (http://www.academickids.com/encyclopedia/index.php/Clipart)
  • Geography (http://www.academickids.com/encyclopedia/index.php/Geography)
    • Countries of the World (http://www.academickids.com/encyclopedia/index.php/Countries)
    • Maps (http://www.academickids.com/encyclopedia/index.php/Maps)
    • Flags (http://www.academickids.com/encyclopedia/index.php/Flags)
    • Continents (http://www.academickids.com/encyclopedia/index.php/Continents)
  • History (http://www.academickids.com/encyclopedia/index.php/History)
    • Ancient Civilizations (http://www.academickids.com/encyclopedia/index.php/Ancient_Civilizations)
    • Industrial Revolution (http://www.academickids.com/encyclopedia/index.php/Industrial_Revolution)
    • Middle Ages (http://www.academickids.com/encyclopedia/index.php/Middle_Ages)
    • Prehistory (http://www.academickids.com/encyclopedia/index.php/Prehistory)
    • Renaissance (http://www.academickids.com/encyclopedia/index.php/Renaissance)
    • Timelines (http://www.academickids.com/encyclopedia/index.php/Timelines)
    • United States (http://www.academickids.com/encyclopedia/index.php/United_States)
    • Wars (http://www.academickids.com/encyclopedia/index.php/Wars)
    • World History (http://www.academickids.com/encyclopedia/index.php/History_of_the_world)
  • Human Body (http://www.academickids.com/encyclopedia/index.php/Human_Body)
  • Mathematics (http://www.academickids.com/encyclopedia/index.php/Mathematics)
  • Reference (http://www.academickids.com/encyclopedia/index.php/Reference)
  • Science (http://www.academickids.com/encyclopedia/index.php/Science)
    • Animals (http://www.academickids.com/encyclopedia/index.php/Animals)
    • Aviation (http://www.academickids.com/encyclopedia/index.php/Aviation)
    • Dinosaurs (http://www.academickids.com/encyclopedia/index.php/Dinosaurs)
    • Earth (http://www.academickids.com/encyclopedia/index.php/Earth)
    • Inventions (http://www.academickids.com/encyclopedia/index.php/Inventions)
    • Physical Science (http://www.academickids.com/encyclopedia/index.php/Physical_Science)
    • Plants (http://www.academickids.com/encyclopedia/index.php/Plants)
    • Scientists (http://www.academickids.com/encyclopedia/index.php/Scientists)
  • Social Studies (http://www.academickids.com/encyclopedia/index.php/Social_Studies)
    • Anthropology (http://www.academickids.com/encyclopedia/index.php/Anthropology)
    • Economics (http://www.academickids.com/encyclopedia/index.php/Economics)
    • Government (http://www.academickids.com/encyclopedia/index.php/Government)
    • Religion (http://www.academickids.com/encyclopedia/index.php/Religion)
    • Holidays (http://www.academickids.com/encyclopedia/index.php/Holidays)
  • Space and Astronomy
    • Solar System (http://www.academickids.com/encyclopedia/index.php/Solar_System)
    • Planets (http://www.academickids.com/encyclopedia/index.php/Planets)
  • Sports (http://www.academickids.com/encyclopedia/index.php/Sports)
  • Timelines (http://www.academickids.com/encyclopedia/index.php/Timelines)
  • Weather (http://www.academickids.com/encyclopedia/index.php/Weather)
  • US States (http://www.academickids.com/encyclopedia/index.php/US_States)

Information

  • Home Page (http://academickids.com/encyclopedia/index.php)
  • Contact Us (http://www.academickids.com/encyclopedia/index.php/Contactus)

  • Clip Art (http://classroomclipart.com)
Toolbox
Personal tools