CIH Virus Summary
Description of CIH Virus
The CIH Virus, also known as the Chernobyl Virus, was directed towards Microsoft Windows platforms. It became known as the Chernobyl Virus because its payload trigger date is April 26th, the same date as the Chernobyl disaster (this is purely coincidental). The name of the virus is derived from the virus's creator, Chen Ing-Hau.
A payload is defined as the malicious activity that results from the activation of a computer virus. The CIH virus was designed to overwrite the machine's BIOS program code, while still leaving it fully intact. The BIOS code is fundamental because it directly accesses hardware to test system memory and disk drives whenever the computer is booted. This is how the local disk is able to load the operating system at boot, and generally most newer Windows OSs will store the BIOS in writeable memory to allow updates when they are available, hence a more secure network. CIH also disabled Font Removal and created conflict problems in the computer's TCP/IP protocol.
What the CIH virus did was temporarily disable the BIOS's functionality. Without the BIOS initiated, a Windows machine simply will not boot. Users would try to reboot the machine from an .iso image placed on a floppy disk, CD, DVD, flash drive, etc.; however, once the damage is done, it cannot be reversed, because the computer is designed to revert to the original BIOS code on the computer rather than the correct BIOS from the outside source.
Users with advanced knowledge could take the BIOS chip from an identical second machine and swap it in to fix the problem; however, this takes extreme precision, since the BIOS chip is physically soldered to the motherboard, and one mistake could render it unusable.
Originally, CIH affected the following Microsoft operating systems: Windows 95, Windows 98, and Windows ME. Over time, CIH also affected Windows NT, Windows 2000, XP, and Vista. In particular, XP