Chernobyl malware has more destructive capabilities.

Chernobyl malware has destructive capabilities that new malware can't fight with BIOS flash.

Many old malware is often inferior to new malware, both purely in the field of system destruction, and infiltration often cannot fight new malware, but some can do what new malware cannot.

According to a report by the Tom's Hardware website that mentions monitoring malware as small as 1 KB, which was developed during 1998 (d. In 1999, about 27 years ago, by a student at Tatung University, Chen Ing-Hau, the malware was named CIH after its creator, and it was quite a coincidence that it was first released on April 26, the day of the Chenobil nuclear power plant accident, which earned the malware the nickname Chernobyl. The damage done by the malware was called high and severe, with over 60 million computers infected with the malware, it caused up to $40 million ($1,290,580,000) in damage. The Prosecutor of Taiwan was unable to convict Chen Ing-Hau because, in Taiwan's criminal law at the time, the victim was required to be a direct indictor, but no victim was indicted, while Chen Ing-Hau excused the purpose of creating the malware as a challenge to the anti-Virus developer who boasted of the performance of his own product. The malware damage later forced Taiwan to solve the computer wrongdoing law.

This malware first began to spread through bootleg software in the summer of 1998 (1999), but began a global scourge behind the memory of IBM's Aptiva PCs with such malware installed inside the machine (Pre-Installed) in March 1999. A month earlier, Yamaha had distributed the CD-R version of the CD-R400 firmware, which was infiltrated by malware, and in July the same year, at DEF CON 7, a global collection of hackers, the Back Orifice 2000 tool was distributed, which was also infiltrated by malware.

Chernobyl malware is categorized as a "fill-in" or Space-Filler malware that can insert code into code spaces on files for execution instead of inserting itself on the header or end of a file. The malware scans files in Windows Portable Executable to find out what gaps in the code and then inserts itself. The insertion of a 1KB file code changed the file size, leading to anti-virus programs of the time that used check-in-size checks. File. Cannot work and detect.

After the malware runs on the victim's machine, the malware intervenes in the Processor in channels from Ring 3 to Ring 0, allowing the malware to control the Kernel-Level System File and then swallow the system every time the victim activates it. This method can only work on Windows 95, 98, and ME, while Windows NT, the prototype of the currently active version, can prevent this form of attack.

Once the Chernobyl malware is able to run on the victim's machine, the malware overwrites the first Megabyte part of the boot drive with all 0 numbers, causing Partition destruction of the driver so that it cannot access the driver. After that, it will try to flash the malware into the BIOS (Basic Input Output System) chip. If successful, the damage will be so severe that it cannot be used except for the new BIOS chip. The latter attack is usually successful on an unprotected Intel 430TX chipset. Overwriting the BIOS without permission is so bad that it's unimaginable for this old malware.

# Trending # Lemon 8 Howtoo # lemon 8 diary # chernobyl # freedomhack