Virus Encyclopedia
Welcome to the Virus Encyclopedia of Panda Security.
Michelangelo | |
Threat Level Damage Distribution |
At a glance
 |
| Common name: | Michelangelo |
| Technical name: | Michelangelo |
| Threat level: | Low |
| Alias: | Michelangelo.A, |
| Type: | Virus |
| Effects: | It infects the boot sector of floppy disks and hard disks. On March 6, it deletes information from the hard disk. It prevents the computer from starting up correctly.
|
| Affected platforms:
| MS-DOS |
| Detection updated on: | July 10, 2008 |
| Statistics | No |
| Country of origin: | SWEDEN |
| Family: | STONED |
Brief Description | |
| Michelangelo is a boot virus that infects the boot sector of floppy disks and of hard disks. Michelangelo has a very destructive payload, as on March 6th, it deletes information from the hard disk, thus making it irretrievable. Michelangelo infects the hard disk of a computer when it is booted from a floppy disk that is infected with this virus. From then on, all of the floppy disks used on that computer will be infected and it will have problems starting up. |
Visible Symptoms | |
The main visible symptom is that infected computers have problems starting from March 6th. In addition, information from the hard disk is lost. |
Tech details
Effects |
The effects of Michelangelo are the following: It infects the boot sector of floppy disks (Boot) and hard disks (Master Boot Record). It replaces the original master boot record with an infected version. It does this by moving the original MBR to a different section of the hard disk. This technique is known as Stealth. It infects all the floppy disks used in the infected computer, provided that they are not write-protected. When it activates, on March 6th, it overwrites some part of the information included in the hard disk. It overwrites the information in track 0 of the target disk. More exactly, this occurs in the first 17 sectors of the first 4 sides of the first 250 cylinders on the disk. This means that approximately 8 MB will be lost. The File Allocation Table (FAT) and the root directory information are located on this section. As a result of this the hard disk is rendered useless.
|
Infection strategy
Michelangelo has the following infection routine:
It is transmitted to the computer when it is started from a floppy disk that is infected with this virus.
Then, Michelangelo goes memory resident. The virus occupies 2048 Bytes of the TOM (Top of memory).
From the memory, Michelangelo infects all the floppy disks used on the computer.
In order to do this, it hooks the interrupts that have access to floppy disks.
Michelangelo moves the original sector of the hard disk (from sector 0, side 1, cylinder 0 to sector 7, side 0, cylinder 0).
Means of transmission
Michelangelo spreads through floppy disks, in the following way:
- It infects the hard disk of the computer when it is booted from a floppy disk that is infected with this virus.
- It infects all the floppy disks used in the affected computer. These floppy disks will then infect other computers.
Further Details
Here are some additional interesting facts about Michelangelo:
Michelangelo belongs to the Stoned family or group of viruses.
Its trigger date, March 6th, was the birthday of the famous Italian artist, Michelangelo (Mar. 6, 1475). That is the reason for its name.
