Michelangelo (computer virus)
The Michelangelo virus is a computer virus first discovered in 4 February 1991 in Australia. The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses, basically operated at the BIOS level. Each year, the virus remained dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus writer intended Michelangelo to be referenced to the virus. Michelangelo is a variant of the already endemic Stoned virus.
On March 6, if the PC is an AT or a PS/2, the virus overwrites the first one hundred sectors of the hard disk with nulls. The virus assumes a geometry of 256 cylinders, 4 heads, 17 sectors per track. Although all the user's data would still be on the hard disk, it would be irretrievable for the average user.
On hard disks, the virus moves the original master boot record to cylinder 0, head 0, sector 7.
On floppy disks, if the disk is 360 KB, the virus moves the original boot sector to cylinder 0, head 1, sector 3.
On other disks, the virus moves the original boot sector to cylinder 0, head 1, sector 14.
- This is the last directory of the 1.2 MB disks.
- This is the second-to-last directory of the 1.44 MB disks.
- The directory does not exist on 720 KB disks.
Although designed to infect DOS systems, the virus can easily disrupt other operating systems installed on the system since, like many viruses, the Michelangelo infects the master boot record of a hard drive. Once a system became infected, any floppy disk inserted into the system (and written to; in 1992 a PC system could not detect that a floppy had been inserted, so the virus could not infect the floppy until some access to the disk is made) becomes immediately infected as well. And because the virus spends most of its time dormant, activating only on March 6, it is conceivable that an infected computer could go for years without detection — as long as it wasn't booted on that date, while infected.
The virus first came to widespread international attention in January 1992, when it was revealed that a few computer and software manufacturers had accidentally shipped products, for example Intel's LANSpool print server, infected with the virus. Although the infected machines numbered only in the hundreds, the resulting publicity spiraled into "expert" claims, partially lead by anti-virus company founder John McAfee, of thousands or even millions of computers infected by Michelangelo. However, on March 6, 1992, only 10,000 to 20,000 cases of data loss were reported.
In subsequent years, users were advised not to run PCs on March 6, waiting until March 7, or else reset the PC date to March 7 at some time on March 5 (to skip March 6). Eventually, the news media lost interest, and the virus was quickly forgotten. Despite the scenario given above, in which an infected computer could evade detection for years, by 1997 no cases were being reported in the wild.
- http://www.cert.org/advisories/CA-1992-02.html official advisory (by CERT)
- The Michelangelo madness at the Wayback Machine (archived March 9, 2008), a chapter in an IBM research report
- Michelangelo Fiasco: a Historical Timeline at Vmyths
- Dis-assembled Michelangelo source code at the Wayback Machine (archived February 24, 2012)