I have a vague recollection of events from before, as I was a new antivirus engineer doing the daily AVx stuff during that time, and I only remember a few things about PE_CIH:
- That PE_CIH is a ~~difficult~~ challenging case, caused a lot of pain in the a**.
- April 26 was the trigger date of the payload activation, and it coincided with the anniversary of the Chernobyl Nuclear Disaster.
- Newer CIH variants surfaced and some have trigger dates of every 26th of the month.
- I remember some old Trend Micro calendar that had notable malware names on specific dates, don’t know if I still have it 🙂
- Life was a lot simpler then (haha menard is senti and is reminiscing 🙂 )
Fast forward to 2011, today is April 26, exactly 25 years after the fateful events at the Chernobyl Nuclear Plant in the old Ukrainian SSR. And since nuclear power is a sensitive topic now (as Japan is still reeling from the Fukushima nuclear incident), I decided to post something about it here on my blog.
To those who want to grind more info about CIH/Chernobyl malware, here are some related materials:
- Trend Micro Virus Report for PE_CIH Variant
- Wikipedia Entry for the CIH virus
- CERT post on the CIH virus
- Graham Cluley post on Sophos’ Naked Security Blog
Image Credit: about-threats.trendmicro.com