The CIH virus, also known as Chernobyl, caused widespread global damage on April 26, 1999, by destroying data and motherboard BIOS chips on approximately 60 million Windows 9x computers.

Key Points

• Created by student Chen Ing-hau in 1998, the 1 KB virus infected Windows 95, 98, and ME systems through pirated software and commercial distribution channels.
• The virus utilized a sophisticated "space filler" technique to hide within unused gaps in executable files, successfully evading contemporary antivirus software.
• Upon activation, the payload overwrote boot drive partition tables and attempted to corrupt motherboard BIOS chips, rendering many affected machines completely inoperable.
• The incident resulted in an estimated $40 million in commercial damages and prompted the Taiwanese government to enact new computer crime legislation.
• Notable distribution incidents included pre-infected IBM Aptiva PCs and compromised firmware updates for Yamaha CD-R400 drives.

Why it Matters

The CIH outbreak remains a landmark event in cybersecurity history for demonstrating how a compact, kernel-level exploit could cause catastrophic physical and digital damage on a global scale. It forced the industry to move beyond simple file-size detection methods and highlighted the critical need for robust, hardware-level security protections in personal computing.