Stoned (computer virus)

Stoned (computer virus)

Stoned is the name of a boot sector computer virus created in 1987, apparently in New Zealand. [cite journal
url=http://catless.ncl.ac.uk/Risks/9.9.html#subj6
title=Marijuana Virus wreaks havoc in Australian Defence Department
journal=The Risks Digest
volume=9
issue=9
date=14 August, 1989
accessdate=2007-08-07] It was one of the very first viruses, and was, along with its many variants, very common and widespread in the early 1990s. [cite web
url=http://www.f-secure.com/v-descs/stoned.shtml
title=F-Secure Virus Descriptions : Stoned
publisher=F-secure.com
accessdate=2007-08-07]

When an infected computer started, there was a one in eight probability that the screen would declare:

Your PC is now Stoned!

The phrase is found in infected boot sectors of infected floppy disks and master boot records of infected hard disks along with the phrase "Legalise Marijuana".

Original version

The original version appears to have been written by someone with experience only with IBM PC 360KB floppy drives, as it misbehaves on the IBM AT 1.2MB floppy, or on systems with more than 96 files in the root directory. On hard disks, the original master boot record is moved to cylinder 0, head 0, sector 7. On floppy disks, the original boot sector is moved to cylinder 0, head 1, sector 3. Cylinder 0, head 1, sector 3 is the last directory sector on 360 Kb disks, and the author believed that it was "safe" to overwrite. The virus will "safely" overwrite the boot sector unless the root directory has more than 96 files.

On higher capacity disks, such as 1.2 MB disks, the original boot sector may overwrite a portion of the directory.

The virus is also known as Australian, Bloody!, Brunswick, Epbr, Hawaii, Hemp, Hong Kong, Lisa2, Marijuana, Monkey, Monkey 2, New Zealand, NOP, San Diego, Sanded, Sex Revolution, Smithsonian, Stonehenge, W-Boot, Whit, and Zapper.

Variants

Since it is easy to patch the messages seen, there are many variants of Stoned.

Beijing/Bloody!

The virus has the string "Bloody! Jun. 4, 1989". On this date the Tiananmen Square protests were suppressed by the People's Republic of China.

wedish Disaster

The virus has the string "The Swedish Disaster".

Manitoba

Manitoba has no activation routine and does not store the original boot sector on floppies; Manitoba simply overwrites the original boot sector. 2.88MB EHD floppies are corrupted by the virus.

Manitoba uses 2KB memory while resident.

NoInt/Bloomington/Stoned III

NoInt tries to stop programs from detecting it. This causes read errors if the computer tries to access the partition table. Systems infected with NoInt have a decrease of 2 kB in base memory.

Flame/Stamford

Flame uses 1 kB of DOS memory. Flame stores the original boot sector or master boot record at cylinder 25, head 1, sector 1 regardless of the media.

Flame saves the current month of the system when it is infected. When the month changes, Flame displays colored flames on the screen and overwrites the master boot record.

Angelina

Angelina has stealth mechanisms. On hard disks, the original master boot record is moved to cylinder 0, head 0, sector 9.

Angelina contains the following text: "Greetings from ANGELINA!!!/by Garfield/Zielona Gora" (Zielona Góra is a Polish town). The text is never displayed by the virus.

In October 1995 Angelina was discovered in new Seagate Technology 5850 (850MB) IDE drives. The drives were still factory sealed.fact|date=July 2008

In 2007, a batch of Medion laptops sold through Aldi chain were found to have Stoned.Angelina already present on the preinstalled Windows Vista operating system. [cite web |url=http://www.virusbtn.com/news/2007/09_14.xml |title=Boot virus shipped on German laptops |accessdate=2008-01-08 |work= Virus Bulletin]

Other variants

*Zapper
*Sanded
*June 4th.a
*Sex Revolution 1.1 and 2
*Swedish Disaster
*Rostov
*Stoned-8
*Stoned-16
*Stoned.16.a
*Damien
*Bravo
*Laodung
*Noint (Bloomington)
*Azusa.a
*Bunny.a
*Dani ela
*Dinamo Empire.INT.10.b
*Standard.a
*Lzr
*Empire.Monkey.a
*Empire.Monkey.b
*Kiev
*NOP
*Manitoba
*W-Boot
*Michelangelo.a
*No INT.a

Several other variants include:
*Teraz
* b, c, d, e
*Sonus
*Nulls
*Donald
*Flushed
*In love
*stoned-floppy
*Mexican
*WD1 to WD7.

References

* [http://home.arcor.de/sigurdpistor/viren/info/angelina.html]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Michelangelo (computer virus) — The Michelangelo virus is a computer virus first discovered in April 1991 in New Zealand.[1] The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses,… …   Wikipedia

  • Stoned — may refer to:* Intoxication, particularly cannabis intoxication * Stoning, a form of execution performed by throwing stones at the victim * Stoned (computer virus), a boot sector virus created in 1987 * Stoned (TV special), a 1981 ABC After… …   Wikipedia

  • Stoned (Computervirus) — Stoned ist ein Bootvirus, auch Bootsektorvirus genannt. Der Virus wurde erstmals 1987 in der Stadt Wellington, Neuseeland, entdeckt. Er wurde hauptsächlich für MS DOS Systeme entwickelt. Stoned wird meistens im Zusammenhang mit dem Vienna und dem …   Deutsch Wikipedia

  • stoned — bekifft (umgangssprachlich); zugeknallt (umgangssprachlich); drogenberauscht; dicht (umgangssprachlich); zugedröhnt (umgangssprachlich); drauf (umgangssprachlich); zu ( …   Universal-Lexikon

  • Timeline of computer viruses and worms — Contents 1 1960–1969 1.1 1966 2 1970–1979 2.1 1 …   Wikipedia

  • Timeline of notable computer viruses and worms — This is a timeline of noteworthy computer viruses and worms.1970 1979Early 1970s* Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote… …   Wikipedia

  • LZR — may refer to:* Lzr a variant of the Stoned computer virus* LZR (Lempel Ziv Renau) a lossless data compression algorithm* LZR the ICAO airline code code for the Bulgarian airline Air Lazur* LZR the International Air Transport Association airport… …   Wikipedia

  • Rootkit — A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation… …   Wikipedia

  • Michelangelo (Computervirus) — Das Michelangelo Virus ist ein Computervirus, der erstmals im April 1991 in Neuseeland[1] entdeckt wurde. Das Virus sollte DOS Systeme infizieren (es griff das Betriebssystem jedoch nicht an oder führte interne Befehle aus; Michelangelo agierte… …   Deutsch Wikipedia

  • Компьютерный вирус — Начало исходного кода примитивного вируса для MS DOS на языке ассемблера …   Википедия

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”