Chernobyl virus: what is it?

Print anything with Printful



The Chernobyl virus, originally called CIH or Spacefiller, infects Windows®-based operating systems and overwrites PE format files. It caused over $200 million USD worth of damage and has several variants, including the Love Bug virus which caused billions of dollars in damage.

The Chernobyl virus is a malicious computer program designed to infect Windows®-based operating systems. It was originally referred to as CIH virus and Spacefiller. The name “Chernobyl virus” was coined because its first payload activation occurred on April 16, 1999, the 13th anniversary of the Chernobyl disaster.

Chen Ing Hau wrote about the virus in 1998 during his college days at Taiwan’s Tatung University. She admitted to writing the virus after realizing it could be traced back to him. The Chernobyl virus was designed to infect computers running Windows® 95, 98 and ME operating systems.

The initial payload of the virus works by stealthily overwriting PE format files. When first installed, the virus splits itself and inserts its parts into the spaces between files. This allows the virus to replicate quickly. By filling in the gaps only, the virus does not increase the size of a file, making it more difficult for antivirus software to detect it. This earned the virus the nickname “Spacefiller”.

Worms such as the Chernobyl virus destroy programs and executable files on the computers they infect. They overload computers with extra scripts, causing them to slow down. In the case of the Chernobyl virus, its secondary payload also infects the Flash BIOS which prevents the computer from booting.

Asian and Middle Eastern countries have been hardest hit by the virus. This is mainly due to the prevalence of pirated operating systems and the disregard for cyber security in these countries. It was estimated that the virus caused more than $2 hundred million US Dollars (USD) worth of damage in cleanup and file recovery.
Several variants of the virus have been written since the original was activated. Three of the lesser known variants are CIH v1.2 TTIT, CIH v1.3 and CIH v1.4. The main difference between the variants is the activation date of the payload. The last known variant, CIH.1106, was discovered in 2002. However, since most antivirus software was able to recognize the virus, its effect was not as widespread as its predecessors.
Another variant of the Chernobyl virus is the infamous “I Love You” or “Love Bug” virus. The Love Bug was spread via emails with the subject line “I love you.” Because of the subject line, most people who received the email opened it. This amplified the Love Bug’s spread, infecting millions of users, including government and corporate computers. It is reported that the damage caused by the virus has been in the billions of US dollars.




Protect your devices with Threat Protection by NordVPN


Skip to content