We all know that virus, it was very infamous of that time in 1999. Wrecked thousands of computers too. The "wrecked" part is because it overwrites a part of the BIOS in the system (with some unrelated content) and renders the system unbootable. Here is the page explaining about the dangers of that virus: CIH virus facts Not only it writes to BIOS unneccessarily, but it busts the boot sector as well! Come to think about that, the author of the virus might have known some registers which allows reprogramming of the BIOS chip. I have suspected he must have some access to a chipset datasheet during that time. From what I've read, if the virus has overwritten some parts of the BIOS, some of the computers *would* still boot - there will be no display unless you put an old ISA graphics card inside (I tried that before many years back), and you will see something like an "Award BootBlock, BIOS ROM checksum error" asking you for a floppy containing the correct *.BIN file. If you don't have the card, you could still know that it asks for a floppy - the floppy drive LED lit up and make seeking sounds. If it doesn't boot - I don't think it's worrying either. It's not the entire motherboard is busted. The BIOS ROM has the program gone wrong, so it doesn't boot, that's all. In that case, in modern times, you can get the EEPROM programmer from the eBay: EPROM EEPROM Programmer Pic BIOS Chip PCB 5c | eBay and just reprogram it with the correct BIOS. The programmer is expensive, but you can use it again for other brands of EEPROM. If you are too lazy to buy one, you can whip up your own programmer, probably with an Arduino or something. Oh, and the virus only attacked PCs with Windows 98. Newer PCs aren't affected at all due to the much better protection system nowadays.
It's not in the wild anymore - it couldn't infect anything later than Windows 98. Since this virus, Windows have added protection to prevent a foreign program to reprogram the BIOS chip. When I was a teenager I read about this and felt creeped out about it "destroying" the entire PC. But once you know it doesn't destroy the motherboard, it's not much to be feared of. It only destroy the program inside the EEPROM which houses the BIOS program, not destroying the chip nor destroying anything else. However, armed with the knowledge from the chipset's datasheet and its registers, it's considered very straightforward for any experienced programmer.
The trouble is most users, and even most techies, aren't tech-savvy enough to reprogram the BIOS chips. That's if they can even afford to buy the EEPROM programmer. So the infected motherboard would be essentially "dead" to them.
I agree - these stuff about EEPROM programming appears extremely low-level to almost everyone who uses a computer, even for the very experienced one. I killed an old Socket 7 motherboard's EEPROM and almost disposed it until I went to Engineering campus! The rest is history, I managed to fix that immediately. The EEPROM programmer can be bought cheaply from the internet which is less than $50. And that supports a big list of EEPROM models (SST/Microchip, Atmel, Winbond etc), so if you mess up a BIOS chip from another motherboard, you can still fix them. The virus wouldn't kill any computer's BIOS. Different motherboards and different chipsets have different ways of reprogramming the BIOS. It so happened that only some of the boards are affected (probably some of the affected computers did have the author's motherboard/chipset during the writing of the code).
Yeah, these engineers added those fail-safe features after that CIH incident. Many of the systems have a physical BIOS write-protect jumper. It prevents from accidential reprogramming or virus attack.
Yeah - the engineers scramble to design new features so that the end-users won't toss the board away if another one of these strike! The newer BIOSes have write-protect option in the Setup, so there's no need to touch the jumper too. However, there are newer viruses which are identical to CIH - it's "BIOS Rootkit". They are probably not in the wild yet, but it's good to be aware of such things.
The Sony BMG ones are just plain rootkits. The BIOS rootkits however are some new thing - it's not in the wild, but some research has experimented these by intentionally creating them and infecting on some test PCs. These BIOS rootkits install a part of their malicious program into the BIOS EEPROM as an installer. It places its code into the first few cells of the EEPROM memory, and then loads whatever program into the RAM (BIOS shadowing) during the bootup. Afterwards, it will proceed to infecting boot-sectors and whatever inside. The clean-up of such rootkit can be very difficult due to the extra need to reprogram the BIOS chip (with a fresh new uninfected BIN file) externally if the computer breaks down. Luckily newer motherboards have SPI headers so that you can plug an external programmer to reprogram the BIOS if it breaks down, without yanking out the chip. That rootkit can be potentially more destructive than the CIH if these are in the wild.