Monday, March 6, 2017

Michelangelo Computer Virus

  1. March 6th 1992 was day zero for the Great Michelangelo Virus Scare, the first and probably one of the biggest computer virus scares that the world has ever seen.
  2. The Michelangelo virus was first discovered in February 1991 by Australian veteran anti-virus expert Roger Riordan. Riordan, the brains behind VET, a popular anti-virus program down under, probably didn’t think that the virus was particularly special.
  3. On March 6th, the virus was programmed to overwrite the first 17 sectors of every track on infected hard disks, heads zero to four. The consequence of this payload was, of course, painful – you would be hard pressed to recover your data if the virus triggered on your PC.
  4. Michelangelo was one of the first computer viruses to receive a great deal of media attention, with only Datacrime from 1989 causing a comparable amount of hype. This virus was more a study in mass hysteria than virus damage. It caused a great deal of panic, but very little actual damage. Michelangelo only infected a few thousand computers, making it an example of media hype.
  5. It has a destructive payload that overwrites all data on the hard disk with random characters, making recovery of any data unlikely, if not impossible. It will only do this if the computer is booted on March 6, the birthday of the artist Michelangelo. Ironically, one of the vendors that sold software infected with the virus was DaVinci systems.
  6. In addition, the virus does not check whether the MBR has been previously infected. Therefore, if a similar virus has already infected the MBR, it will move the previous virus to the location where the original MBR was stored, making recovery of the MBR impossible.
  7. The Michelangelo virus triggers on any March 6. On that date, the virus overwrites critical system data, including boot and file allocation table (FAT) records, on the boot disk (floppy or hard), rendering the disk unusable. Recovering user data from a disk damaged by the Michelangelo virus will be very difficult.
  8. Michelangelo was first recognized by the media when a company shipped 500 PCs infected with the virus in January 1992.
  9. It is uncertain where the Michelangelo virus originated. Most sources say New Zealand, but Sweden and the Netherlands are also a possibility. It was discovered in April 1991.
  10. Michelangelo is mostly similar to the original Stoned virus. In addition to infecting the sectors of the original Stoned virus, Michelangelo infects sector 28 on 1.2 megabyte floppy disks. Upon infection, the Michelangelo virus becomes memory resident at the top of system memory but below the 640K DOS boundary. Interrupt 12's return is moved to ensure that Michelangelo is not overwritten in memory.
  11. The virus scare certainly did no harm to John McAfee, whose anti-virus company went public in October 1992, raising $42 million in an initial public stock offering. Not bad for a business which at the time just had a couple of dozen employees, and no doubt assisted by the huge public exposure it had received just six months earlier.
  12. Video of the Michelangelo virus.
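
To make the payload footprint in item 3 concrete for recovery triage, the following added example (not from the original post or its sources) maps "the first 17 sectors of every track, heads zero to four" onto LBA ranges for a given CHS geometry and flags which on-disk regions overlap it. The two drive geometries and the partition layout in `SAMPLE_REGIONS` are constructed sample values, and the function names are hypothetical.

```python
from typing import Dict, List, Tuple

# Figures from item 3 of the list: sectors 1-17 of every track, heads 0-4.
SECTORS_HIT = 17
HEADS_HIT = range(0, 5)

def chs_to_lba(c: int, h: int, s: int, heads: int, spt: int) -> int:
    """Standard CHS -> LBA mapping; sector numbers start at 1."""
    return (c * heads + h) * spt + (s - 1)

def overwritten_runs(cyls: int, heads: int, spt: int) -> List[Tuple[int, int]]:
    """Inclusive (first_lba, last_lba) runs inside the footprint, merged when adjacent."""
    runs: List[Tuple[int, int]] = []
    last_sector = min(SECTORS_HIT, spt)      # a track may have fewer than 17 sectors
    for c in range(cyls):
        for h in HEADS_HIT:
            if h >= heads:                   # the drive may have fewer than 5 heads
                break
            start = chs_to_lba(c, h, 1, heads, spt)
            end = chs_to_lba(c, h, last_sector, heads, spt)
            if runs and runs[-1][1] + 1 == start:
                runs[-1] = (runs[-1][0], end)
            else:
                runs.append((start, end))
    return runs

def damage_report(cyls: int, heads: int, spt: int,
                  regions: Dict[str, Tuple[int, int]]) -> dict:
    """Count lost sectors and flag each named LBA region that overlaps the footprint."""
    runs = overwritten_runs(cyls, heads, spt)
    lost = sum(e - s + 1 for s, e in runs)
    hit = {name: any(s <= hi and lo <= e for s, e in runs)
           for name, (lo, hi) in regions.items()}
    return {"lost": lost, "total": cyls * heads * spt, "regions_hit": hit}

# Constructed sample layout: MBR at LBA 0, partition starting at cylinder 0 head 1.
SAMPLE_REGIONS = {"mbr": (0, 0), "boot_sector": (63, 63),
                  "fat": (64, 191), "file_extent": (100, 120)}

if __name__ == "__main__":
    # Constructed geometries: a small 17-sector-per-track drive and a larger one.
    for geom in [(615, 4, 17), (1024, 16, 63)]:
        report = damage_report(*geom, SAMPLE_REGIONS)
        print(geom, f"{report['lost']}/{report['total']} sectors", report["regions_hit"])
```

With these figures the footprint is the entire 17-sector-per-track drive, while on the 63-sector geometry it is about 8% of the sectors, concentrated at the start of each track and including cylinder 0, where the MBR, boot sector and FAT sit in this sample layout.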

Sources:

https://en.wikipedia.org/wiki/Michelangelo_(computer_virus)
https://nakedsecurity.sophos.com/2012/03/05/michelangelo-virus/
https://web.stanford.edu/dept/news/pr/93/930301Arc3381.html
https://www.cert.org/historical/advisories/CA-1992-02.cfm?
http://virus.wikidot.com/michelangelo
https://www.youtube.com/watch?v=2Gx1Rs0WNnY
