Press Releases

Browse our press release archive

26 Apr 2004

Fifth anniversary of Chernobyl computer virus attack

Chen Ing-Hau
Chen Ing-Hau, the author of the Chernobyl or CIH virus

Five years ago today, on 26 April 1999, the CIH virus (also known as Chernobyl) caused considerable damage as it flashed critical chips inside computers worldwide. According to government reports, in South Korea alone it caused over $250 million damage, infecting a quarter of a million computers.

The virus, named "Chernobyl" by the media as it was programmed to activate its destructive payload on the thirteenth anniversary of the Chernobyl reactor meltdown, was able to wipe the data from users' hard disks and overwrite the computer BIOS chip, making the computer unusable.

"The Chernobyl virus opened a new chapter in the severity of computer malware," said Graham Cluley, senior technology consultant for Sophos. "It could effectively turn your computer into a useless lump of plastic - the only way to get your PC working again was to open it up and replace the chip."

Once the BIOS chip of infected computers was overwritten by the Chernobyl virus, users found they were unable to use their computers at all. Repair involved physically removing the BIOS chip and replacing it with a fresh one. On some computers, the BIOS chip is not removable, and so it could only be replaced by swapping the entire motherboard.

In September 2000, the Taiwanese military authorities detained Chen Ing-Hau in connection with the Chernobyl virus.

"Today more and more virus writers are turning away from the data destructive payloads used by Chen Ing-Hau in the Chernobyl virus, and implementing more insidious forms of attack instead," continued Cluley. "Increasingly we are encountering more viruses which are designed to steal information - such as credit cards and passwords - from compromised computers. All companies should ensure they are properly protected."

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.