20th Anniversary of Michelangelo Virus Scare
An anonymous reader writes "It's twenty years since the first big virus scare. According to security blogger Graham Cluley, who has written up his memories of the hard disk wiping virus, John McAfee predicted that around 5 million computers would be zapped by the virus on March 6th 1992. Of course, the truth was nothing like as bad — but the antivirus business was plagued forevermore by accusations of fear-mongering."
They'd have been plagued by claims of fear-mongering with or without this incident since they do it chronically.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
I feel even older - I don't remember it.
Oh no... it's the future.
And right at the beginning of public awareness of the internet age meant that people were panicking and incredibly misinformed.
News reports said the virus was transmitted over the phone lines (dial up internet) and suggested turning off potentially infected machines on the day of as a precaution. My father took this to mean he should unplug his answering machine that day because it had a computer chip that timestamped messages and other nifty features. In his mind, computer chip + telephone line = susceptible to the virus.
Everyone was touting the Information Superhighway at the time, but no one knew what it was, and very few people actually understood the risk a virus could pose. The media drummed up scare stories (just like those nightly investigations into some obscure not-really-dangerous thing) and the uneducated public took the bait. I'm not going to put the blame on the AV manufacturers for this one.
I'm out of my mind right now, but feel free to leave a message.....
(1) The author must be new to personal computing if he thinks 20 years ago was the first major virus scare. There were plenty around in the early 1980s, and some in the 1970s. Why are people so quick to think the first THEY saw was the first there was?
(2) However many years it has been - 30, whatever - it's a sad, sad commentary on our species that ANYONE gets them any more. People have had 30+ years to learn to use a computer securely, but it seems that most human beings are incapable of learning.
...but the antivirus business was plagued forevermore by accusations of fear-mongering."
Symantec's whole business model goes something like this: "Hey, that's a nice computer you have there. A shame if something were to... happen... to it." It's not an accusation, they're quite forward about it... try unsubscribing from their service once you have it. It's easier to just call the bank and say "cancel my card, close the account, burn the evidence." --- though you still have to figure out how to remove said leech software and disable all the damn warnings. Modern antivirus does not go quietly: It threatens to kill you while you're disabling it, like some sick scifi computer.... "Noooo... daaaaaavee.... I loooovvve yooooouu.. *bzzzrrrrt*"
#fuckbeta #iamslashdot #dicemustdie
For making me feel old. And also for reviving not so fond memories of inadvertently infecting a whole lab full of PCs with the antiexe boot sector virus at the community college I worked at a year or so later.
Silence is a state of mime.
http://en.wikipedia.org/wiki/Warhol_worm
that which will work crossplatform, and bring down the internet in 15 minutes
it's a frightening and awesome idea to behold
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I enjoyed the e-mail correspondence with the Apple/IBM joke in the signature. Interesting what two decades would change.
I remember it, but reading 20 years ago in 1992 makes me feel old, 92 really doesn't seem like it was 20 years ago to me.
"...Why did they name it after one of the Ninja Turtles?"
I remember seeing one bit of advice back then to just leave your computer off on March 6th, or at the least to change your system clock, since that was when the virus would be triggered. I don't know how many followed that advice, but I am guessing that many people did. I guess many could do that in 1992, unlike today where you can't accomplish anything if the computer is down.
From what I remember of most boot sector viruses, they would load themselves into memory then infect any other disc inserted afterwards. I had one on an Amiga game like that. You couldn't clean it without making the disc unbootable, instead you just had to remember to power down afterwards to prevent it from spreading. This was back in the days when many people commonly booted from floppy rather than a hard disc. Michelangelo was significant since it went after the hard drive boot sector, not just a floppy.
I was a student at the time and after hearing the news bits about Michelangelo, I found an early virus scanner that was capable of detecting it. I think it was McAfee but not 100% sure. I downloaded it and tested my computer and it was indeed infected.
I asked the virus scanner to remove it since it said it would/could and sure enough it did. The down side was that Michelangelo was a boot sector infector and removing the virus made the system unbootable and I didn't know how to repair that. End result for me was that March 6th came a bit early.
But I wanted to track down where the infection came from so scanned all my floppies. I only found it on a few of them but one of the ones I found it on was the driver disk that came with the motherboard I had recently used to build my system. I checked with some friends in the computer shop where I was at school and they didn't believe it could possibly be the driver disk - but as luck would have it, they had a similar new motherboard from the same manufacturer with a still-sealed driver disk marked the same as mine.
After making sure all was clean, they broke the seal on the driver disk and scanned it. Positive for Michelangelo.
I don't remember the manufacturer name but wish I did. But the thing was that Michelangelo was being spread with driver disks from this one manufacturer and maybe others. No idea for how long.
I think sounding the alarm on viruses is the better path. I know some people tune it out and happily believe that they have never had an infection, but the reality now is that the people writing them don't announce their presence if they can help it. It's not about showing off. It's about money and how much of people's the criminals can snatch.
... our viri were written by true hackers and named after great artists. None of these script kiddie generated bots with names that read like poorly named perl variables.
Now get off my lawn.
Check your premises.
Bullshit. Sorry, there is no nice way to put it, but the scare mongering was pure, weapons-grade bullshit.
The REAL problems with any actual critical systems had been readily apparent to any company who would do any kind of forecasting or planning or had any contracts (including any loans given or taken) extending into the future. Even something as non-critical as import-export companies for packaging, or travel agencies or whatever, I know people actually working for them and they were aware at the very least in January 1999 (though most even earlier,) when forecast data or contracts extending in the next year started having problems. I actually know people working for such companies and NONE were waiting for the hype to convince them. As soon as the first report showed up as "uh, it says we'll achieve our goals if we get, uh, minus two thousand dollars a month in sales until 1900", some boss said, "fix the fucking thing NOW."
Meanwhile things were hyped as needing an urgent fix, that had no problem whatsoever. Network CABLES and speakers were hyped as Y2K Compliant, when, seriously, they didn't even have a calendar in them or anything. Scammers made off with billions from the rest of the economy, in upgrades for things that didn't need upgrading, and replacements for things that didn't need replacing.
THAT was what the shameless hype did: help some scammers milk the rest of the economy of money that would have been better spent elsewhere. Anyone who took part in spreading that scare, THAT is what they helped achieve: help some parasites loot the rest of society.
And it didn't even stop there. Things were hyped as going to bring civilization down, like street lights or car electronics which (especially in 1999) didn't even hold the date anywhere and had no use for it, AND which nobody could afford to just yank out and replace wholesale. Yet hordes of shameless snake oil vendors and their PR toadies were hammering non-stop on the idea that OMG, unless your city is blowing its whole budget on their snake oil, come next year all car traffic will halt, airplanes will come crashing down from the sky, and apparently grocery stores will stay closed because everyone is too stupid to figure they still need to go to work if their electronic watch locks up in 2000. It was stuff that wasn't going to get "fixed", not just because it wasn't broken in the first place, but also because nobody was rich AND retarded enough to yank out and replace every single streetlight control module like that. The hype just kept people's fears high, and even tried to amplify them some more, just in case it results in some sale anyway, although chances were 99% that it wouldn't.
The shameless snake oil vendors and the idiots who helped them spread the panic, were NOT actually doing anyone any problem. In fact if it were a just world, we'd put that kind of parasites out of our collective misery and be better off for it.
A polar bear is a cartesian bear after a coordinate transform.
They ran as TSRs, with hooks into the interrupt for disk read/writes.
Check your premises.
I guess I'll have to learn more about this virus. There was a video around here somewhere... Ah. Here it is. I'll put it on tonight and see what this is all about. It's a movie called Hackers. Hollywood wouldn't lie to me, right?
I'm not up to date on the latest version of Symantec specifically, but I _do_ have experience with antiviruses which were about as easy to get rid of as an actual virus. Which is to say, not easy at all.
The most trivial example was an old McAfee, actually, which I installed on D: and apparently nobody at McAfee ever heard of people installing programs anywhere else than the default location. Because the first update (after I actually managed to make it update: let's just say that there were other things they had apparently never heard of, like people using a different browser) it installed an updated copy of itself in the default C:\Programs\ location, BUT left the old copy on D: also active and running, which slowed the computer majorly. Needless to say, uninstalling it also only uninstalled one of the copies, while leaving the other on the hard drive and still loaded all over the registry.
Sure, if you were Joe Average and didn't know jack shit about computers, you might think that the uninstall worked and your computer is now free of the buggy antivirus... it just keeps being slow and making your browser act weirdly for some completely other reason. But if you knew enough to at least look at what services are running, you'd discover that it was more like James Bond: you may think you got rid of him, but he's still around to ruin your party ;)
But generally, given that these things are in a race to the bottom with the actual malware to get loaded even more invisible, at an even lower level, and take over even more functions than an actual virus, it should come as no surprise if they ARE more obnoxious than an actual virus, slow the computer down more than an actual virus, cause more network traffic than an actual virus, and occasionally are also harder to remove than an actual virus.
A polar bear is a cartesian bear after a coordinate transform.
I remember the Michelangelo virus well. It was the first virus to really hit the national news, and lots of users were worried about it. I was working for a consulting firm in Savannah, GA at the time. I like to tell this story about one of our customers who had heard about the virus on the news.
It was during the Michelangelo hysteria that I received a call from Miss M-, an employee of one of our clients located in the rural town of G-, Georgia.
"Tell me something", she began in her South-Georgia dialect. "How can you get that vahrus they been talkin' about?"
Their computer was an IBM AS400, which was totally immune from Michelangelo. I explained this to her.
"Well, how can you catch that vahrus? How does it move around?"
"Well, um, through the telephone," I answered.
Every day, this woman used her AS400 to call a credit card clearing house computer, and I thought that she could put two and two together.
"The Phone?" she exclaimed. "Well, I mean, how can you get a vahrus over the phone? How can I keep from getting the vahrus? Should I wear gloves or something!"
It finally occurred to me that she wasn't just worried that her computer could get the virus, but that SHE could get the virus from her computer (and I had just told her she could get it over the phone!).
I went through a careful explanation as to how it wasn't a real virus like people get, but was just a little computer program. It was called a virus because it copied itself from computer to computer, sort of like the real thing.
"Oh, my! Well, I'm SO glad I called you. I was SO worried and I didn't know what to do about the vahrus."
I was in such a state of shock all I could do was say, "You're welcome," and hang up.
Proverbs 21:19
Michelangelo was *supposed* to go off on a Tuesday. So everyone would have that Monday to go in, make sure all of their machines were clean, and be all prepared for Tuesday.
Except many systems at the time didn't handle the leap day correctly, so they came in on Monday, booted up the machine ... and the payload hit.
Build it, and they will come^Hplain.