Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
CIH (computer virus)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==History== The virus first emerged in 1998. In March 1999, several thousand [[IBM]] [[IBM Aptiva|Aptivas]] shipped with the CIH virus,<ref>{{cite web | last=Weil | first=Nancy | title=Some Aptivas shipped with CIH virus | website=CNN | date=1999-04-07 | url=http://www.cnn.com/TECH/computing/9904/08/aptivirus.idg/index.html | archive-url=https://web.archive.org/web/20070104171525/http://www.cnn.com/TECH/computing/9904/08/aptivirus.idg/index.html | archive-date=2007-01-04 | url-status=live}}</ref> just one month before the virus would trigger. In July 1999, copies of [[remote administration tool]] [[Back Orifice 2000]] given out to [[DEF CON]] 7 attendees were discovered by the organizers to have been infected with CIH.<ref>{{cite web | title=Back Orifice CDs infected with CIH virus - Tech News on ZDNet | website=[[ZDNet]] | date=July 14, 1999 | url=http://news.zdnet.com/2100-9595_22-515160.html | archive-url=https://web.archive.org/web/20070311051432/http://news.zdnet.com/2100-9595_22-515160.html | archive-date=2007-03-11 | url-status=dead}}</ref> On December 31, 1999, [[Yamaha Corporation|Yamaha]] shipped a software update to their CD-R400 drives that was infected with the virus. In July 1998, a [[Game demo|demo]] version of the [[first-person shooter]] game ''[[Sin (video game)|Sin]]'' was infected by one of its mirror sites.<ref>{{cite web | title=US Report: Gamers believe Activision's 'SiN' carries CIH virus | website=ZDNet.co.uk | date=28 Jul 1998 | url=http://news.zdnet.co.uk/security/0,1000000189,2068990,00.htm | archive-url=https://web.archive.org/web/20090417075559/http://news.zdnet.co.uk/security/0,1000000189,2068990,00.htm | archive-date=2009-04-17 | url-status=dead}}</ref> CIH's dual payload was delivered for the first time on April 26, 1999, with most of the damage occurring in [[Asia]].<ref>{{Cite web |last=Lemos |first=Robert |date=May 25, 1999 |title=Is the CIH virus on the endangered list? |url=https://www.zdnet.com/article/is-the-cih-virus-on-the-endangered-list/}}</ref> CIH filled the first 1024 [[kilobyte|KB]] of the host's [[boot drive]] with zeros and then attacked certain types of [[BIOS]]. Both of these payloads served to render the host computer inoperable, and for most ordinary users, the virus essentially destroyed the PC. Technically, however, it was possible to replace the [[BIOS chip]],{{citation needed|date=May 2024}} and methods for recovering [[Hard disk drive|hard disk]] data emerged later.{{citation needed|date=May 2024}} The virus made another comeback in 2001 when a variant of the [[ILOVEYOU|LoveLetter Worm]] in a [[VBScript|VBS]] file that contained a dropper routine for the CIH virus was circulated around the internet under the guise of a nude picture of [[Jennifer Lopez]]. A modified version of the virus called CIH.1106 was discovered in December 2002, but it is not widespread and only affects Windows 9x-based systems.<ref>{{Cite web|title=Virus:DOS/CIH|url=https://www.f-secure.com/v-descs/cih.shtml|url-status=live|access-date=2021-12-07|website=F-Secure Labs|language=en|archive-url=https://web.archive.org/web/20010128151200/http://www.f-secure.com:80/v-descs/cih.shtml |archive-date=2001-01-28 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)