On CIH and Chernobyl


I have only a vague recollection of the events back then, as I was a new antivirus engineer doing the daily AVx stuff during that time, and I only remember a few things about PE_CIH:

  1. PE_CIH was a difficult, challenging case that caused a lot of pain in the a**.
  2. April 26 was the trigger date of the payload activation, and it coincided with the anniversary of the Chernobyl Nuclear Disaster.
  3. Newer CIH variants surfaced, and some had trigger dates on the 26th of every month.
  4. I remember an old Trend Micro calendar that had notable malware names on specific dates; I don’t know if I still have it 🙂
  5. Life was a lot simpler then (haha menard is senti and is reminiscing 🙂 )

Fast forward to 2011: today is April 26, exactly 25 years after the fateful events at the Chernobyl Nuclear Plant in the old Ukrainian SSR. And since nuclear power is a sensitive topic now (as Japan is still reeling from the Fukushima nuclear incident), I decided to post something about it here on my blog.

To those who want to grind more info about CIH/Chernobyl malware, here are some related materials:
Trend Micro Virus Report for PE_CIH Variant
Wikipedia Entry for the CIH virus
CERT post on the CIH virus
Graham Cluley post on Sophos’ Naked Security Blog

Image Credit: about-threats.trendmicro.com