History
In September 1998, Yamaha provided a firmware update for the infected CD-R400 drive. In October 1998, a trial version of Activision's game SiN, spread by users, became infected through contact with infected files on users' machines. The source of this company's infection was a batch of Aptiva-brand personal computers infected with the CIH virus, shipped by IBM in March 1999. On April 26th, 1999, when the public began to pay attention to the first attack of CIH, these computers had already been shipping for one month. It was a disaster. Countless hard disks around the world were overwritten with junk data, and even the BIOS was destroyed, leaving machines unable to start. By April 26th, 2000, there had been a lot of damage in Asia, but the virus did not spread. In March 2001, the Anjulie worm was discovered, which implanted CIH v1.2 into infected systems. Today CIH is not as widespread as when it first appeared, because people have realized the threat it poses, and it can only run on the old Windows 9x operating systems.
The virus resurfaced in 2001. A variant of the Love Bug virus, disguised as nude photos of Jennifer Lopez in a VBScript file, contained the hook routine of the CIH virus, which let the virus spread on the Internet.
A revised version, CIH.1106, was discovered in February 2002, but it is not seriously destructive.
CIH is regarded as a threat only if it infects a large number of programs used by computer worms (such as the cover letter virus) or is involved with the Anjulie worm. However, the CIH virus only attacks Windows 95, Windows 98 and Windows ME systems, so its impact is limited.
Viral characteristics
CIH spreads on Windows 95, Windows 98 and Windows ME through files in the Portable Executable format. CIH does not spread on Windows NT, Windows 2000 or Windows XP.
When CIH infects an executable file, it occupies the unused gaps inside that file. For this reason CIH is also nicknamed the "space filler". The virus is about 1 KB in size, but the infected file does not grow. It jumps from processor ring 3 to ring 0 to trigger system calls.
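The "space filler" behaviour can be checked from the defender's side by measuring the unused gap in each PE section and counting non-zero bytes inside it. The following is an added example, not code from the original page; the sample file is constructed in memory, and treating non-zero gap bytes as suspicious is an assumption (linker padding is normally zero).

```python
import struct

def section_slack(pe: bytes):
    """Return [(section, slack_bytes, nonzero_bytes_in_slack)] for a PE image.

    Slack is the raw space a section reserves on disk beyond the bytes it
    actually uses (SizeOfRawData - VirtualSize). Content placed there does
    not change the file size.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                           # first section header
    report = []
    for i in range(nsect):
        name, vsize, _va, rsize, rptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        slack = max(rsize - vsize, 0)
        gap = pe[rptr + vsize:rptr + vsize + slack]
        nonzero = sum(1 for b in gap if b)
        report.append((name.rstrip(b"\0").decode("ascii", "replace"), slack, nonzero))
    return report

def build_sample(fill: bytes = b"") -> bytes:
    """Constructed minimal PE: one .text section, 0x200 raw bytes, 0x120 used.

    `fill` stands in for foreign bytes sitting in the gap (hypothetical data).
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x120, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (dos + coff + sect).ljust(0x200, b"\0")
    body = (b"\x90" * 0x120 + fill).ljust(0x200, b"\0")
    return header + body

if __name__ == "__main__":
    for label, image in (("clean", build_sample()),
                         ("filled", build_sample(b"\xAA" * 100))):
        print(label, len(image), section_slack(image))
```

Both sample images have the same length, which is why a file-size comparison alone does not reveal this kind of infection.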
When its payload triggers, it is very dangerous. First, the virus writes zeros over the first megabyte (1024 KB) of the hard disk and floppy disk, starting from sector 0. This usually erases the contents of the partition table, which may cause a crash.