More on Michelangelo...

Rob Harper Rob.Harper at CONVEX.CSC.FI
Fri Mar 6 05:52:27 EST 1992

>Path: funic!fuug!mcsun!uunet!europa.asd.contel.com!darwin.sura.net!jvnc.net!net
>From: edtjda at magic322.chron.com (Joe Abernathy)
>Newsgroups: comp.virus
>Subject: Houston Chronicle report on Michelangelo (PC)
>Message-ID: <0012.9202141543.AA01119 at ubu.cert.sei.cmu.edu>
>Date: 13 Feb 92 00:56:19 GMT
>Sender: Virus Discussion List <VIRUS-L at LEHIIBM1>
>Lines: 181
>Approved: krvw at sei.cmu.edu

This story appeared on Saturday, Feb. 8 in the Houston Chronicle, Page

It may be redistributed as individuals/moderators see fit in order to
serve the online community. Thanks to all who helped.

Comments to edtjda at chron.com

- -- edtjda

Michelangelo: Master of disaster
Insidious computer virus, timed for artist's birthday, infects PCs worldwide

Copyright 1992, Houston Chronicle

A fast-moving, highly destructive computer virus called Michelangelo is
spreading among IBM-compatible personal computers in Houston and around
the world.

Michelangelo is set to strike on March 6 -- the birthday of the Renaissance
master -- erasing vast amounts of information, according to computer
scientists specializing in viruses.

"This destructive virus is spreading worldwide very rapidly," wrote virus
specialist A. Padgett Peterson in a bulletin recently circulated on computer
networks. "Unlike the DataCrime 'fizzle' of 1989, which contained similar
destructive capability but never spread, the Michelangelo appears to have
become 'common' in just 10 months following detection.

"I have never seen so many reports of a virus in so short a time before."

A virus is a computer program designed to spread itself without the
knowledge of users, usually causing harm to infected systems. Although
viruses have become common, Michelangelo's exceptional rate of reproduction
and potential for harm are causing special concern.

DataCrime was the last virus that prompted such concern when, in 1989, a
number of news reports warned of its destructive potential. Most experts said
later that these fears had been overblown, although they did boost awareness
and prevention efforts.

While scientists said that Michelangelo could represent another such 'fizzle,'
the prospects for that are decreasing with word of widespread infections.

"It is a virus that we get calls on, multiple reports every day," said Aryeh
Goretsky, manager of technical support at McAfee Associates, a publisher
of antiviral software. "Maybe 25 percent of our calls are related to that
virus -- people that have it as opposed to people requesting information --
so it is something that's out there, that's a real threat."

The manager of one Houston retail computer center acknowledged that
Michelangelo infections have been frequent of late. He requested anonymity,
saying, "It's not good to let people know that you've had Michelangelo."

Store employees run a program to disinfect each computer before it is sold,
but Michelangelo's surprising presence in a number of software products when
shipped from the factory has made it difficult to guard against every avenue
of spread.

"The virus got a head start through major distributions," said Christoph
Fischer, who as director of the Micro-BIT Virus Center at the University
of Karlsruhe, Germany, first analyzed Michelangelo. "The many reports clearly
indicate the wide and manifest infection."

Among the notable infections:

* DaVinci Systems Corp. announced last week that it had shipped a large
number of infected copies of its electronic mail software eMAIL 2.0. The
copies were sent to more than 900 customers, more than 600 of whom are
DaVinci resellers.

"We are now using multiple virus-detection products and insisting that
our duplicating contractors also check for viruses," Bill Nussey, president
of DaVinci Systems, said in a statement.

* Between Dec. 10 and Dec. 27, Leading Edge PRoducts shipped up to 6,000
computers whose hard drives were infected at the factory with Michelangelo.

* All of the PCs at Southeastern Louisiana University recently were infected.

* At the University of Florida, half of the PCs recently tested positive
for the virus.

* In New Zealand, Victoria University of Wellington received 400 requests
for an antivirus disk within three days.

* A magazine spread 10,000 to 12,000 copies of the virus in a diskette
included with the magazine.

* Verbatim, a diskette manufacturer, has become an unwitting victim because of
an untrue rumor that some of the company's blank diskettes were infected.

Fischer named the virus based on its trigger date. Viral detection and
analysis is a difficult process even for experts; a formal method Fischer
has designed will in fact be the topic of a research paper to be presented
at the Fifth International Conference on Viruses and Computer Security,
in March in New York.

Interviewed online via the Internet computer network, Fischer warned that
Michelangelo is especially dangerous because it permanently erases the entire
hard drive, rather than just deleting some information, as most viruses do.

Michelangelo was first found in April 1991, in Sweden and the Netherlands.
Beyond that, nothing is known of its author or his motives.

Rob Slade, an expert at the Vancouver Institute for Research into User
Security, in British Columbia, recently pointed to the infection of supposedly
"safe" commercial products as one of the biggest challenges facing the
computing community.

"If I had to choose one viral myth which most contributed to the unchecked
spread of viral programs that exists today, it would be that of the 'safety'
of commercial software," Slade said, writing in a copyrighted contribution
to Virus-L, an electronic journal serving the computer science community.

Viral infection commonly occurs when contaminated programs or disks are
traded among computers. It does not matter if a program comes from the
store, a friend or over the telephone lines.

"I'm trying very hard not to draw too close a parallel between computer use and
sexual activity," said Ray Trent, a scientist at SRI International, the Menlo
Park, Calif., research and consulting firm. "But the fact is that people who
use computers promiscuously are most at risk."

The number of viruses has multiplied rapidly since 1986, when Pakistani
Brain introduced the breed to the world of IBM-compatible computers. The forms
of spread and attack also have grown steadily more sophisticated.

In November, the national Computer Security Association commissioned a virus
survey of 600,000 North American businesses by Dataquest, the San Jose, Calif.,
market research firm.

The results show that 63 percent of the firms have experienced a virus
encounter, and 9 percent have experienceda virus disaster, which the survey
defines as an incident affecting 25 or more PCs or diskettes.

Of those struck by a virus, 62 percent reported lost productivity; 4 percent
reported screen messages, interference or lockup; and 38 percent reported
that files were corrupted.

In 1991, among companies with more than 1,000 PCs, 16 percent experienced
a virus disaster.

Trent said that good computing practices, including regular, incremental
backups, are the best response to any system threat, whether from a virus or
other problems.

With graphic:/

Diagnosis: Michelangelo virus

* Symptoms: Disk directory damage; hard drive reformating, resulting in
destruction of data and programs; decrease in total system and available

* Trigger: System date of March 6 of any year, birthda6y of the Renaissance

* Computer type: All IBM PCs, all MS-DOS-compatible file systems.

* First detected: April 1991.

* Origin: Sweden or the Netherlands.

* Detection: Virus-detection software including ViruScan Version 80 or
later; F-Prot version 1.16 or later; IBM Scan version 2.1 or later.

* Cure: CleanUp Version 80 or later; F-Prot Version 12.16 or later. If you do
not own one of these virus protection products, you can gain some protection
against Michelangelo by leaving your computer turned off on March 6 and by
backing up data.

* Comments: The Michelangelo virus becomes memory resident the first time
an attempt is made to boot the system from an infect disk. It will then infect
the hard drive and any diskettes that are inserted.

Source: Christoph Fishcer; Micro-BIT Virus Center; University of Karlsruhe,

More information about the Bio-soft mailing list

Send comments to us at biosci-help [At] net.bio.net