home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!think.com!yale.edu!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
- Newsgroups: comp.virus
- Subject: Info on Music Bug virus (PC)
- Message-ID: <0012.9301071651.AA16031@barnabas.cert.org>
- Date: 6 Jan 93 22:04:01 GMT
- Sender: virus-l@lehigh.edu
- Lines: 29
- Approved: news@netnews.cc.lehigh.edu
-
- >From: bill.lambdin%acc1bbs@ssr.com (Bill Lambdin)
-
- >The Music Bug virus isn't generally destructive, but the FAT table
- >structure on hard drives gives some weird effects occasionally.
-
- Not quite. The MUSIC-BUG is not *intentionally* destructive however
- mistakes do cause damage since this virus makes assumptions about disk
- structure that works only on some floppies and on no hard disks.
-
- The virus tries to create a "haven" for its code by searching for
- unused sectors and allocating them (six or seven as I recall).
- Unfortunately, while the chosen clusters are "safe", in computing the
- register values for a cluster/sector translation the M-B makes
- mistakes that cause the virus to write to a different set of sectors
- which may be in use.
-
- The virus also makes a single byte change to the Boot Parameter Block
- which renders removal via SYS C: unusable since the disk becomes
- unbootable. For some time this led to the opinion that recovery was
- impossible but most vendors now use a equally simple recovery method
- that works (think it took less than 30 bytes).
-
- The most common vector was via a graphics driver disk furnished with
- certain computer systems and though the manufacturer was notified, I
- have never seen any indication that the disks were withdrawn/replaced.
-
- Unseasonably warm & humid,
-
- Padgett
-
