Michelangelo (computer virus)
This article needs additional citations for verification. (January 2023)
|Type||Boot sector computer virus|
The Michelangelo virus is a computer virus first discovered on 4 February 1991 in Australia. The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses, operated at the BIOS level. Each year, the virus remained dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus's developer(s) intended a connection between the virus and the artist. The name was chosen by researchers who noticed the coincidence of the activation date. The actual significance of the date to the author is unknown. Michelangelo is a variant of the already endemic Stoned virus.
On March 6, if the PC is an AT or a PS/2, the virus overwrites the first one hundred sectors of the hard disk with nulls. The virus assumes a geometry of 256 cylinders, 4 heads, 17 sectors per track. Although all the user's data would still be on the hard disk, it would be irretrievable for the average user.
On hard disks, the virus moves the original master boot record to cylinder 0, head 0, sector 7.
On floppy disks, if the disk is 360 KB, the virus moves the original boot sector to cylinder 0, head 1, sector 3.
On other disks, the virus moves the original boot sector to cylinder 0, head 1, sector 14.
- This is the last directory of the 1.2 MB disks.
- This is the second-to-last directory of the 1.44 MB disks.
- The directory does not exist on 720 KB disks.
Although designed to infect DOS systems, the virus can easily disrupt other operating systems installed on the system since, like many viruses of its era, the Michelangelo infects the master boot record of a hard drive. Once a system became infected, any floppy disk inserted into the system (and written to; in 1992 a PC system could not detect that a floppy had been inserted, so the virus could not infect the floppy until some access to the disk is made) becomes immediately infected as well. And because the virus spends most of its time dormant, activating only on March 6, it is conceivable that an infected computer could go for years without detection — as long as it wasn't booted on that date, while infected.
The virus first came to widespread international attention in January 1992, when it was revealed that a few computer and software manufacturers had accidentally shipped products, for example Intel's LANSpool print server, infected with the virus. Although the infected machines numbered only in the hundreds, the resulting publicity spiraled into "expert" claims, partially led by anti-virus company founder John McAfee, of thousands or even millions of computers infected by Michelangelo. However, on March 6, 1992, only 10,000 to 20,000 cases of data loss were reported.
In subsequent years, users were advised not to run PCs on March 6, waiting until March 7, or else reset the PC date to March 7 at some time on March 5 (to skip March 6). Eventually, the news media lost interest, and the virus was quickly forgotten. Despite the scenario given above, in which an infected computer could evade detection for years, by 1997 no cases were being reported in the wild.
- ^ " 6.3.1992: Michelangelo Computer Virus", today-in-history.de.
- ^ The rise and peculiar fall of software pioneer John McAfee - World - CBC News. Cbc.ca. Retrieved on 2014-02-21.
- ^ Murder in Belize: A guide to the long, strange tale of John McAfee - Fortune Tech Archived 2012-12-18 at the Wayback Machine. Tech.fortune.cnn.com. Retrieved on 2014-02-21.
- http://www.cert.org/advisories/CA-1992-02.html official advisory (by CERT)
- The Michelangelo madness at the Wayback Machine (archived March 9, 2008), a chapter in an IBM research report
- Michelangelo Fiasco: a Historical Timeline at Vmyths
- Dis-assembled Michelangelo source code at the Wayback Machine (archived February 24, 2012)