02:02 GMT17 May 2021
Listen Live

    “Chernobyl”: The Virus That “Killed” Motherboards

    In Depth
    Get short URL
    Ghosts in the Machine: The History of Computer Malware (5)

    In the eyes of an average PC user the term “computer virus” usually means “software product” – something that can infect the operating system and destroy other programs. Many wonder whether a virus can actually damage hardware – motherboards, processors or memory chips. Well, yes… and no.

    In April of 1999, thousands of customers who bought IBM Aptiva computers received a warning from the manufacturer. Their brand-new PCs came pre-packaged with a deadly beast – a virus that was supposed to “kill” the machine on April 26th – the date of the Chernobyl nuclear plant disaster, and, as it turned out – the birthday of the virus’ author.

    Written by Chen In-hau – a student from Taiwan, “Chernobyl”, which is also known by its codename “CIH”, became the first piece of malware that affected  the most privileged circuit of PC processors. It also caused heavy damage to BIOS – the firmware responsible for a computer’s boot-up and basic functions, showing nothing but the so-called “blue screen of death.”

    Here’s Youtube user Denooct1 demonstrating the effect of the virus on his PC:

    “We have a taskbar and no desktop. You can press buttons and now it’s frozen. So what it’s done is if this motherboard was compatible with it, it should have overwritten the BIOS and also I think overwritten the partition table on the hard drive. So it doesn’t destroy data – it just makes it inaccessible through normal means.”

    “Chernobyl” was very hard to detect. Just like the human immunodeficiency virus it remained untraceable until the scheduled launch date, because it filled blank spaces inside software code instead of adding extra data, thus mimicking normal program operation and avoiding detection by antiviruses.

    The first few copies of CIH were distributed by Cheng In-hau on the campus of his Alma Mater – the Tatung University in Taiwan, but after that “Chernobyl” spread very quickly, infecting 60 million computers worldwide.

    Users who failed to use the antivirus had their machines turn into a piece of junk. Motherboards ravaged by “Chernobyl” were showing no signs of life whatsoever and it was impossible to fix them at home. Only special PC repair shops were able to solve the problem by physically replacing the damaged BIOS chip.

    In a few months the “Chernobyl” epidemic was thwarted as media hype made users take extra precautions and avoid launching software without checking it with antivirus first.

    But, as you might have heard, history repeats itself, "the first as tragedy, then as farce". CIH made another brief comeback in 2001 as part of the LoveLetter worm. The “Chernobyl” payload was disguised as an email attachment with nude pictures of Jennifer Lopez, luring unsuspecting users with the beauty of “Jenny From The Block” and at the same time — dropping their motherboards “on the floor.”

    In today’s world, when computer hardware is being thoroughly tested to withstand any possible dangers coming from software, it’s hard to imagine that a virus like “Chernobyl” could inflict as much damage as it did at the turn of the century.

    But if you get an email from unknown sender with “nude pictures of J-Lo”– you’d probably be better off clicking the “Spam” button… Just in case.

    Ghosts in the Machine: The History of Computer Malware (5)
    Chernobyl virus, computer virus, malware, CIH
    Community standardsDiscussion