Boot virus shipped on German laptops

Posted by   Virus Bulletin on   Sep 14, 2007

Aged malware installed on batch of Vista systems.

A consignment of laptops from German manufacturer Medion, sold through German and Danish branches of giant retail chain Aldi, have been found to be infected with the boot sector virus 'Stoned.Angelina', first seen as long ago as 1994 and last included on the official WildList in 2001.

According to German sources, anywhere between 10,000 and 100,000 systems may be infected, but as the machines apparently ship without floppy drives the virus is unlikely to spread. The systems come pre-installed with Windows Vista and Bullguard anti-virus, which will warn of the 'harmless' infection on booting the machines, but is unable to remove it.

Bullguard has provided a special removal tool to remove the offending code, but the incident has highlighted the vulnerability of newer security products to older threats thought long extinct. Some products may even have removed modules designed do deal with boot sector viruses and other elderly threats to improve performance.

'This is a reminder that old viruses never really die,' said John Hawes, Technical Consultant at Virus Bulletin. 'Malware that's been off the radar for years often pops up when least expected, after someone digs out an old floppy or boots up an ancient system, and security firms have a duty to maintain protection against older threats for just this kind of eventuality. It should also remind product makers of the need for thorough security processes and screening before releasing products to market - in this case the only real harm has been to the manufacturer's reputation, but shipping infected goods can have much more serious consequences.'

A report on the incident from heise security (in German) is here, with an announcement from Medion (also in German) here. Removal instructions from Bullguard are here.

Posted on 14 September 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2021 call for papers - now open, to all!

The call for papers for VB2021 is now open and we want to hear from you - we're planning for flexible presentation formats, so everyone is encouraged to submit, regardless of whether or not you know at this stage whether you'll be able to travel to…

In memoriam: Yonathan Klijnsma

We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.

VB2020 localhost videos available on YouTube

VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2020 presentation & paper: 2030: backcasting the potential rise and fall of cyber threat intelligence

At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.

VB2020 presentation: Behind the Black Mirror: simulating attacks with mock C2 servers

At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.