Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W95/CIH.1003.A


Threat Risk LOW LOW
Destructivity HIGH HIGH
Payload Overwrites the BIOS and hard disk
Detection files published
Description created 05 Feb 2004 12:19:00
Description updated 05 Mar 2004 05:19:00
Malware type VIRUS
Spreading mechanism FILE_INFECTION
Summary None



CIH.1003.A will only run on Windows 95/98/ME systems. It installs a file system hook to intercept file opens, specifically on executables, and then attempts to infect them. CIH will infect the executable by copying itself to unused areas of the file so in most cases the file size may not appear to change.CIH also includes tricks for preventing detection by AV scanners.

Payload Details

If the date is 26 April then CIH will attempt to overwrite the hard disk and BIOS. If the payload is executed successfully then you will be unable to boot your computer, even from floppy disk.





Last Updated: 12 Nov 2015 11:06:15