Michelangelo (computer virus)
From Wikipedia, the free encyclopedia
The Michelangelo virus is a computer virus first discovered in April 1991 in New Zealand.[1] The virus was designed to infect MS-DOS systems (but did not engage the operating system or make any OS calls; Michelangelo, like all boot sector viruses, basically operated at the BIOS level) and remain dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus writer intended Michelangelo to be referenced to the virus. A more likely scenario is that the virus was a gaffe against the (at the time) better known Jerusalem B (Friday the 13th) virus. Since this attack took place exactly one week before Friday, March 13th, 1992--computer users who believed that they could avoid Jerusalem by changing the system date (on the twelfth) would be ensnared. Michelangelo is clearly a variant of the already endemic stored virus.
On March 6, if the PC is an AT or a PS/2, the virus overwrites the first one hundred sectors of the hard disk with nulls. The virus assumes a geometry of 256 cylinders, 4 heads, 17 sectors per track. Although all the user's data would still be on the hard disk, it would be all but irretrievable for the average user.
On hard disks, the virus moves the original master boot record to cylinder 0, head 0, sector 7.
On floppy disks, if the disk is 360 KB, the virus moves the original boot sector to cylinder 0, head 1, sector 3.
On other disks, the virus moves the original boot sector to cylinder 0, head 1, sector 14.
- This is the last directory of the 1.2 MB disks.
- This is the second-to-last directory of the 1.44 MB disks.
- The directory does not exist on 720 KB disks.
Although designed to infect MS-DOS systems, the virus can easily disrupt other operating systems installed on the system since, like many viruses, the Michelangelo infects the master boot record of a hard drive. Once a system became infected, any floppy disk inserted into the system (and written to; in 1992 a PC system could not detect that a floppy had been inserted, so the virus could not infect the floppy until some access to the disk is made) becomes immediately infected as well. And because the virus spends most of its time dormant, activating only on March 6, it is conceivable that an infected computer could go for years without detection — as long as it wasn't booted on that date after being infected.
The virus first came to widespread international attention in January 1992, when it was revealed that a few computer and software manufacturers had accidentally shipped products, for example Intel's LANSpool print server, infected with the virus. Although the infected machines numbered only in the hundreds,[2] the resulting publicity spiraled into "expert" claims of thousands or even millions of computers infected by Michelangelo. However, on March 6, 1992, only 10,000 to 20,000 cases of data loss were reported. The news media lost interest, and the virus was quickly forgotten. Despite the scenario given above, in which an infected computer could evade detection for years, by 1997 no cases were being reported in the wild.[3]
Contents |
[edit] Pop culture references
- The "Leonardo da Vinci" virus in the 1995 movie Hackers is a reference to Michelangelo.
- In the second Bastard Operator from Hell article, the eponymous character uses the "De Vinci virus" as a cover story after deleting a user's files.
[edit] References
[edit] See also
[edit] External links
- http://www.cert.org/advisories/CA-1992-02.html official advisory (by CERT)
- The Michelangelo madness, a chapter in an IBM research report
- Michelangelo Fiasco: a Historical Timeline at Vmyths
- [1]Diss-assembled michelangelo source code.