IBM Aptiva
IBM Aptiva PCs shipped pre-infected with CIH virus.
In early 1999, IBM accidentally shipped several thousand Aptiva consumer PCs pre-installed with the destructive CIH (Chernobyl) file virus. The contamination occurred during manufacturing due to an infected test diskette and outdated antivirus software on a duplication server, shortly before the virus's damaging payload activation date (April 26th).
- Date
- 1999-03-05 to 1999-03-17
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Data destruction
- Cause
- Manufacturing error
What Was Affected
Package
IBM Aptiva
ComponentHardware
Artifact typehardware
Domain typeproject download host
Domain
ibm.com
Compromised Versions
- IBM Aptiva models 240, 301, 520, 580 manufactured March 5-17, 1999
Incident Context
- Motive
- Not applicable
- Attribution
- Accidental
- Transitive
- No
- User Impact
- 5000
- Observed Duration
- 12 days
Evidence
Compromised Artifacts
- IBM Aptiva consumer PCs (models 240, 301, 520, 580) manufactured between March 5 and March 17, 1999, shipped with pre-installed CIH virus.
Current Artifacts and Analysis
- f-secure.com/v-descs/cih.shtml
- web.archive.org/web/20000818190934/http://www.zdnet.com/zdnn/stories/news/0,4586,2236884,00.html
- virustotal.com/gui/file/5f778e1f90c67968a95874380a19198f7a0a860f9521935096c6bf46905f79a9
- virustotal.com/gui/file/c8b72931950b2006a96878e0a39728f725db5d4e8e62e6df2a292ae096721a89
Indicators and Changes
Hashes
md5:2b3762908955147287db7f377d66976bmd5:7b8a3132f23f2300710631017e3f0d2fsha256:5f778e1f90c67968a95874380a19198f7a0a860f9521935096c6bf46905f79a9sha256:c8b72931950b2006a96878e0a39728f725db5d4e8e62e6df2a292ae096721a89
External References
Source Data
Source record: proprietary/ibm_aptiva/meta.yaml