Well, sure it's possible, why not?
Software itself is, after all, "machine code instructions"...
so if the machine is told to self-destruct, it's dead :D
I'll just quote from the wiki, OK; translate it yourself...

*CIH*, also known as *Chernobyl* or *Spacefiller*, is a computer virus written by Chen Ing Hau of Taiwan. It is considered to be one of the most harmful widely circulated viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system BIOS.

The virus made another comeback in 2001 when a variant of the Loveletter Worm in a VBS file containing a dropper routine for the CIH virus was circulated around the internet, under the guise of a nude picture of Jennifer Lopez.

CIH spreads under the Portable Executable file format under Windows 95, Windows 98, and Windows ME. CIH does not spread under Windows NT, Windows 2000, or Windows XP.

CIH infects Portable Executable files by splitting the bulk of its code into small slivers inserted into the inter-section gaps commonly seen in PE files, and writing a small re-assembly routine and table of its own code segments' locations into unused space in the tail of the PE header. This earned CIH another name, "Spacefiller". The size of the virus is around 1 kilobyte, but due to its novel multiple-cavity infection method, infected files do not grow at all. It uses methods of jumping from processor ring 3 to 0 to hook system calls.

The payload, which is considered extremely dangerous, first involves the virus overwriting the first megabyte (1024 KB) of the hard drive with zeroes, beginning at sector 0. This often deletes the contents of the partition table, and may cause the machine to hang.

The second payload tries to write to the Flash BIOS. Due to what may be an unintended feature of this code, BIOSes that can be successfully written to by the virus have critical boot-time code replaced with junk. This routine only works on some machines. Much emphasis has been put on machines with motherboards based on the Intel 430TX chipset, but by far the most important variable in CIH's success in writing to a machine's BIOS is the type of Flash ROM chip in the machine. Different Flash ROM chips (or chip families) have different write-enable routines specific to those chips. CIH makes no attempt to test for the Flash ROM type in its victim machines, and has only one write-enable sequence.

For the first payload, any information that the virus has overwritten with zeros is lost. If the first partition is FAT32, and over about one gigabyte, all that will get overwritten is the MBR, the partition table, the boot sector of the first partition and the first copy of the FAT of the first partition. The MBR and boot sector can simply be replaced with copies of the standard versions, the partition table can be rebuilt by scanning over the entire drive and the first copy of the FAT can be restored from the second copy. This means a complete recovery with no loss of user data can be performed automatically by a tool like Fix CIH.

If the first partition is not FAT32 or is smaller than 1 GB, the bulk of user data on that partition will still be intact, but without the root directory and FAT it will be difficult to find it, especially if there is significant fragmentation.

If the second payload goes off without a hitch, the computer will not start at all. A technician is required to reprogram or replace the Flash BIOS chip, as most systems that CIH can affect predate BIOS restoration features.

KorbanLumpur wrote:
> If there is one, that would be awesome
> A piece of software that can cripple hardware
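
The inter-section gaps and unused header tail that the quoted excerpt describes can be inspected on a file from the defender's side. This is an added example, not part of the original post or of any tool it names: it walks a PE section table and counts non-zero bytes in the on-disk padding. The names `slack_regions`, `nonzero_slack` and `build_sample` are hypothetical, and the sample image is constructed.

```python
import struct

def slack_regions(pe: bytes):
    """Yield (name, start, end) for the header tail and each section's file padding."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                         # first section header
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, _va, rsize, rptr = struct.unpack_from("<4I", pe, off + 8)
        if rsize:
            sections.append((name, vsize, rsize, rptr))
    first_raw = min((s[3] for s in sections), default=len(pe))
    yield "<header tail>", table + 40 * nsect, first_raw
    for name, vsize, rsize, rptr in sections:
        if vsize < rsize:  # file alignment padded the section on disk
            yield name, rptr + vsize, rptr + rsize

def nonzero_slack(pe: bytes) -> dict:
    """Map region name -> count of non-zero bytes, for padding that is not all zeroes."""
    hits = {}
    for name, start, end in slack_regions(pe):
        count = sum(1 for b in pe[start:end] if b)
        if count:
            hits[name] = count
    return hits

def build_sample(fill: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped image (one .text section); not a real program."""
    pe = bytearray(0x600)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)            # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)       # i386, one section
    struct.pack_into("<H", pe, 0x54, 0xE0)            # SizeOfOptionalHeader
    sect = 0x40 + 24 + 0xE0
    pe[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<4I", pe, sect + 8, 0x120, 0x1000, 0x200, 0x400)
    pe[0x400:0x520] = b"\x90" * 0x120                 # section contents
    pe[0x520:0x520 + len(fill)] = fill                # bytes placed in the padding
    return bytes(pe)

if __name__ == "__main__":
    print(nonzero_slack(build_sample()))               # clean sample
    print(nonzero_slack(build_sample(b"\xCC" * 16)))   # padding no longer zero
```

Non-zero padding is a heuristic only: some linkers and packers leave data there, so a hit is a reason to inspect the file, not a verdict.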