Thursday, April 10, 2008

The CIH Virus

On April 26, 1999, systems around the world began dying. Something was both damaging information on hard drives and damaging their BIOS chips. Investigation turned up the CIH Virus, later known as Chernobyl because it was released on the anniversary of the Chernobyl reactor explosion.
The CIH virus somehow found it s way onto a set of IBM Aptiva PC s sold to Activision in March of 1999. Every copy of their latest game, SIN, came bundled with a bonus copy of the CIH virus.
When it infects a system, the virus actually squeezes into empty spaces in operating system files. CIH was sometimes known as the Spacefiller virus for this ability.
When the virus triggered, the first thing it did was to overwrite the first megabyte of the hard drive with zeroes. That area of the hard drive is critical, because that s where the partition information is usually stored.
Once the hard drive was hit, the virus would then turn to the BIOS chip.
BIOS stands for Basic Input Output System. The BIOS chip is the ROM, or Read Only Memory, of the computer. Without the BIOS, the computer would forget how to talk to the other hardware in the computer, like the keyboard and hard drives.
Normally, the BIOS is read-only. But by 1999, BIOS manufacturers had switched to chips that could be flashed, or reprogrammed. The CIH virus tried to use this ability to erase the BIOS.
In effect, the virus would try to kill the computer, first by making the hard drive unreadable, and then by making sure the system wouldn t boot without a new BIOS chip. Fortunately, due to a bug, the program only knew how to erase one brand of chips.
CIH was still damaging computers in Asia a year after it first triggered, and several viruses have been released that try to infect systems with newer versions of CIH.
Don t let your PC slow you down, download Free Anti Spyware.



Bookmark it: del.icio.usdigg.comreddit.comnetvouz.comgoogle.comyahoo.comtechnorati.comfurl.netbloglines.comsocialdust.comma.gnolia.comnewsvine.comslashdot.orgsimpy.com

No comments: