CIH

The Student, The Answer, The Accident

In 1998, Chen Ing-hau was a computer science student at Tatung University in Taipei. Like many ambitious coders in that era, he was reading the debates. Antivirus companies were making claims that seemed lazy, that seemed wrong. So Chen did what curious minds do: he set out to prove them mistaken. He would write a virus. A small one. Elegant. Something that demonstrated what was actually possible.

CIH was the proof. Just 1,003 bytes. Impossibly tight code that accomplished what it needed to accomplish without waste. But somewhere between the academic exercise and the real world, it escaped. Chen's answer to industry complacency went into the wild, and by mid-1998, it was being reported to antivirus vendors. The sample was submitted. The analysis began. For now, it seemed like one more virus in an endless succession.

The Technical Innovation

What made CIH significant wasn't complexity. It was precision. The virus earned the nickname "Spacefiller" because it exploited empty space in Portable Executable file structure. Rather than appending itself to the end of a target file like most viruses did, CIH filled the unused gaps in the PE header. The file size barely changed. Antivirus heuristics that looked for size inflation sometimes missed it.

But the technical elegance went deeper. CIH didn't just infect and spread. On infected systems, it attempted something that had been mostly theoretical: direct hardware destruction. It would overwrite the first megabyte of the hard drive. It would attempt to reprogram the system BIOS itself, flashing new code into the firmware. Most viruses of the era deleted files or corrupted data. CIH could render a motherboard permanently unbootable. Hardware damage, not just software sabotage.

This was the line antivirus vendors had been arguing about. Was it possible? CIH answered the question with finality.

April 26, 1999

The virus carried a trigger date: April 26. The anniversary of the Chernobyl disaster. As if to mark the moment with historical weight. When the clock rolled over on systems worldwide, CIH activated. The payload executed. Estimates vary on the scope of the damage: somewhere between 60 million infected systems and something higher. The financial toll was calculated in the billions. Corporations, government agencies, hospitals, schools. Machines simply stopped working.

IT departments scrambled. The virus was already inside their networks, passive and waiting. There was no elegant recovery, no simple rollback. For many systems, the only solution was hardware replacement. The aftermath dominated tech news in the spring of 1999, a visceral demonstration of what a small piece of malicious code could accomplish when unleashed at scale.

The Architect's Absence

What happened next was strange. Chen Ing-hau was in Taiwan. CIH had caused catastrophic damage across the globe, but in Taiwan, the legal infrastructure moved slowly. No Taiwanese victims filed complaints against Chen. Without a domestic injury, without a complaining party within the jurisdiction, prosecution seemed difficult. For years, he faced no legal consequences. The architect of the worst virus the world had seen at that moment simply lived his life.

The story changed eventually. Years later, legal pressure mounted. Chen faced consequences for what he had created, even if the chain of causation between student exercise and global catastrophe remained philosophically complex. He had written the proof. The world had run it. And nothing was quite the same afterward.

CIH represents a moment when the gap between academic curiosity and real-world impact became impossible to ignore. A 1,003-byte answer to a question that should have stayed theoretical.