A major strain of the CIH computer virus -- which some in the computer industry call the most powerful computer virus ever written -- will reactivate tomorrow.
But to prevent further losses, the virus's author, Kaohsiung resident Chen Ing-hao, is combating his own creation through free inoculations available at xlinux.com and wahoo.com.tw.
To date, the virus has permanently damaged data on at least two million computers worldwide, according to anti-virus provider F-secure. The total makes it one of the most destructive viruses ever.
South Korea and Turkey have been the hardest hit. In each of those two countries, the virus has worked its way into major computer networks and infected more than 300,000 computers.
"There are at least three versions of CIH. The April 26th strain is the most serious, because it only activates once a year, which gives it a lot of time to spread," said Michael Lin of Trend Micro, the maker of PC-Cillin anti-virus software. "One other version activates on the 26th of every month."
Lin said that the virus resides in a computer's memory, attaching itself to any executable files bearing the suffixes .exe or .com. Since these do not include standard word processing files, the virus is seldom transmitted through normal e-mails.
Before CIH was first detected, however, it had managed to infect some popular Web sites, worming its way into downloadable software. In some instances, it was even pre-installed.
In a worst case scenario, the virus can cause complete loss of data and render a computer unusable. Once activated, CIH overwrites all the information on a computer's hard drive.
On certain Pentium systems, the virus then proceeds to corrode the flash BIOS, the foundation level embedded software that allows a computer to boot up.
However, since CIH has already been around for nearly two years, experts doubt it will wreak as much havoc this year.
"It will be better this year. CIH was identified in 1998. Now, almost every anti-virus has a solution for it," Lin said.
The virus takes the name CIH from the initials of its author, letters which also appear in the signature line of the virus's code. The virus has also become commonly known as "Chernobyl."
Though Chen was unavailable for comment, sources at XLinux, Chen's current employer, said that Chen wrote the virus nearly three years ago while a student at Taiwan's Tatung Institute of Technology.
XLinux is a local software provider that specializes in the Linux operating system.
Chen was recruited to work at the company's Kaohsiung R&D facility as a programmer after he completed his military service last year.
Both the xlinux.com and wahoo.com.tw Web sites, where Chen's self-authored CIH inoculation can be found, are administered by XLinux.
Describing Chen as "shy," XLinux sources said that he never intended to release the virus into the wild, though the virus got out when a dormitory mate sent an e-mail from his computer.
The virus first infected his college's computer systems, and later spread to other parts of the world via the Internet.
Chen was reprimanded by officials at both his college and in the Taiwan armed forces, but he has never been prosecuted.
And it may just be a coincidence that Taiwan's military established an information warfare unit, which has developed more than 200 viruses during Chen's two years of compulsory service.
RSS