Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!cs.widener.edu!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: CCTR132@csc.canterbury.ac.nz (Nick FitzGerald) Newsgroups: comp.virus Subject: Re:Mutation of Stoned/Implications for self check boot sectors(PC) Message-ID: <0002.9103281641.AA28811@ubu.cert.sei.cmu.edu> Date: 27 Mar 91 01:14:00 GMT Sender: Virus Discussion List Lines: 44 Approved: krvw@sei.cmu.edu In VIRUS-L Digest V4 #47: "David.M.Chess" wrote: >Pat Ralston writes: > >>Table" "Your PC is now Stoned! LEGALISE". Please note that Legalise >>is NOT spelled with a Z as in other versions and is in all uppercase >Now I'm taking an unusual (for me) risk here, as I'm at home with the >tail end of a nasty cold, and can't verify it, but I'm Pretty Sure >that the standard normal everyday Stoned virus spells the word with an >"S" ("LEGALISE"). Yep - originating from New Zealand, where we speak proper English ( 8-) ) the author of Stoned, like most New Zealanders (and probably Aussies and the English themselves), spelled "legalise" with an "s". Pity none of them read the Oxford English Dictionary, or any of the standard references on "correct" English usage (this is a cryptic comment, whose significance will be uncovered by the truly inquisitive - - enjoy). > . . . There are also many cases in which the word >"MARIJUANA" has been overwritten (probably, I am told, by hard disk >controllers that keep some data in an "unused" part of the master boot >record, and overwrite that word in the process). I have seen several copies of Stoned from various machines exhibitting the munged legalise message, and often wondered what may be causing it. I've also seen copies with apparently random bytes in the "free" space between the end of the message and the bootable disk signature bytes. If David is right, however, there are serious implications for the "self- checking boot sector" type schemes that have been discussed here recently. If some HD controllers cavalierly write to what they assume is unused space in the MBR, change-checking boot sectors are going to have a hell of a time. David - are you thinking about the (I think) Zenith machines that write the boot time and date in the MBR each boot up, or do you mean something different? - --------------------------------------------------------------------------- Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z. Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337