Wednesday, November 23, 2005

Boot Sector Viruses

All hard drives and floppy diskettes have a boot sector, which includes information crucial to the boot process, as well as a program that enables the computer to boot from disk. Boot sector viruses reside in the boot sector, waiting for a user to boot from the infected drive or diskette. When this occurs, the virus loads into memory, stays there, and infects any uninfected drives that the OS tries to access.
These viruses typically spread via floppy diskettes, but if they reach the master boot record of the hard drive, widespread infection can occur because any type of media (CD-ROMs, SmartMedia cards, Zip disks, etc.) then risks infection.
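Because the infection lives in one fixed 512-byte sector, a defender can catch it by comparing that sector against a known-good baseline. The sketch below is an added example, not part of the original article; it assumes the classic PC master boot record layout (446 bytes of boot code, a 64-byte partition table, and a 2-byte signature), and the sample sectors and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446           # bytes 0..445: the boot program
TABLE_END = 510          # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511: boot signature


def fingerprint(sector: bytes) -> dict:
    """Hash each region separately so a report can say what changed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "code": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }


def compare(baseline: dict, sector: bytes) -> list:
    """Return the differences between a sector and the stored baseline."""
    current = fingerprint(sector)
    findings = []
    if current["code"] != baseline["code"]:
        findings.append("boot code changed")
    if current["table"] != baseline["table"]:
        findings.append("partition table changed")
    if current["signature_ok"] != baseline["signature_ok"]:
        findings.append("boot signature changed")
    return findings


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed sample sector: placeholder code plus one partition entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x06,
                        b"\x0f\x3f\x20", 63, 65536)
    return code.ljust(CODE_END, b"\x00") + entry + bytes(48) + SIGNATURE


# Constructed inputs: a clean sector, one with replaced boot code,
# and one overwritten with zeros.
CLEAN = build_sample_mbr(b"CLEAN-LOADER")
MODIFIED = build_sample_mbr(b"OTHER-LOADER")
WIPED = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    baseline = fingerprint(CLEAN)  # taken while the disk is known good
    for name, sector in [("clean", CLEAN), ("modified", MODIFIED), ("wiped", WIPED)]:
        print(name, compare(baseline, sector) or "no change")
```

For a real check, the 512 bytes would come from the first sector of a disk image, read after booting from trusted media so that a resident virus cannot intercept the read.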
Both boot sector viruses and master boot record viruses can cause significant damage. Symptoms range from boot or data retrieval problems to erased disk partitions to general computer instability. Some OSes (such as Windows NT) will not boot at all when infected with one of these viruses. Boot sector viruses have a long history of causing both panic and actual damage, and perhaps the most infamous of these troublemakers is Michelangelo. As both a boot sector and master boot record virus, Michelangelo overwrites portions of the drive if an infected computer boots on March 6, the same date as its namesake’s birthday.
Michelangelo was one of the first media-hyped viruses, mostly due to its potential for a computer wipeout on a single date. Leading up to March 6, 1992, major newspapers and TV networks carried news stories about the virus, eventually predicting that thousands and then millions of computers were at risk. March 6 arrived, and the hysteria soon died following reports of some infected systems, but not anywhere near the immense predicted numbers. Experts theorized that a worldwide Michelangelo infection failed to materialize because panicked computer users bought anti-virus software before March 6 (which also served to expose existing infections of many other viruses).
Michelangelo is a variant of the Stoned family of viruses. Also a boot sector and master boot record virus, Stoned was actually much more prevalent during the hysteria Michelangelo caused. But unlike Michelangelo, Stoned was more annoying than harmful.
“The Stone variants weren’t necessarily devastating, but they were incredibly well-distributed,” Nachenberg says. “They were all over. Everyone had Stone.”
Unlike modern stealthy viruses, Stoned proudly proclaims its existence by first infecting a computer’s master boot record, and then displaying the message: “Your PC is now Stoned!” approximately once in every eight boots from an infected floppy. Although booting from floppies was more common 12 years ago, the practice faded, as did one of its primary nemeses, Stoned.
A downright destructive example is Disk Killer, another prominent boot sector and master boot record infector. On an infected computer running for 48 hours, this beast (or Ogre, as it’s nicknamed) displays the following message: “Warning! Don’t turn off the power or remove the diskette while Disk Killer is processing!” Next, you’ll see an ominous “PROCESSING” message, later followed by, “Now you can turn off the power. I wish you luck!” During that “PROCESSING” stage, Disk Killer encrypts all of the data on your diskette or drive, rendering it (and the rest of your computer) useless.


Anonymous said...

Fine way of explaining, and pleasant piece of writing to obtain facts concerning my presentation subject matter, which I am going to convey in institution of higher education.

Review my blog - bmi index chart

12:24 PM  
