Security news
Security news26 April 2004
Fifth anniversary of Chernobyl computer virus attack
 |
| Chen Ing-Hau, the author of the Chernobyl or CIH virus |
Five years ago today, on 26 April 1999, the CIH virus (also known as Chernobyl) caused considerable damage as it flashed critical chips inside computers worldwide. According to government reports, in South Korea alone it caused over $250 million damage, infecting a quarter of a million computers.
The virus, named "Chernobyl" by the media as it was programmed to activate its destructive payload on the thirteenth anniversary of the Chernobyl reactor meltdown, was able to wipe the data from users' hard disks and overwrite the computer BIOS chip, making the computer unusable.
"The Chernobyl virus opened a new chapter in the severity of computer malware," said Graham Cluley, senior technology consultant for Sophos. "It could effectively turn your computer into a useless lump of plastic - the only way to get your PC working again was to open it up and replace the chip."
Once the BIOS chip of infected computers was overwritten by the Chernobyl virus, users found they were unable to use their computers at all. Repair involved physically removing the BIOS chip and replacing it with a fresh one. On some computers, the BIOS chip is not removable, and so it could only be replaced by swapping the entire motherboard.
In September 2000, the Taiwanese military authorities detained Chen Ing-Hau in connection with the Chernobyl virus.
"Today more and more virus writers are turning away from the data destructive payloads used by Chen Ing-Hau in the Chernobyl virus, and implementing more insidious forms of attack instead," continued Cluley. "Increasingly we are encountering more viruses which are designed to steal information - such as credit cards and passwords - from compromised computers. All companies should ensure they are properly protected."
