Boot virus shipped on German laptops

Posted by   Virus Bulletin on   Sep 14, 2007

Aged malware installed on batch of Vista systems.

A consignment of laptops from German manufacturer Medion, sold through German and Danish branches of giant retail chain Aldi, have been found to be infected with the boot sector virus 'Stoned.Angelina', first seen as long ago as 1994 and last included on the official WildList in 2001.

According to German sources, anywhere between 10,000 and 100,000 systems may be infected, but as the machines apparently ship without floppy drives the virus is unlikely to spread. The systems come pre-installed with Windows Vista and Bullguard anti-virus, which will warn of the 'harmless' infection on booting the machines, but is unable to remove it.

Bullguard has provided a special removal tool to remove the offending code, but the incident has highlighted the vulnerability of newer security products to older threats thought long extinct. Some products may even have removed modules designed do deal with boot sector viruses and other elderly threats to improve performance.

'This is a reminder that old viruses never really die,' said John Hawes, Technical Consultant at Virus Bulletin. 'Malware that's been off the radar for years often pops up when least expected, after someone digs out an old floppy or boots up an ancient system, and security firms have a duty to maintain protection against older threats for just this kind of eventuality. It should also remind product makers of the need for thorough security processes and screening before releasing products to market - in this case the only real harm has been to the manufacturer's reputation, but shipping infected goods can have much more serious consequences.'

A report on the incident from heise security (in German) is here, with an announcement from Medion (also in German) here. Removal instructions from Bullguard are here.

Posted on 14 September 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2018 video: Triada: the past, the present and the (hopefully not existing) future

Today we publish the video of the VB2018 presentation by Google researcher Lukasz Siewierski on the Triada Android malware and Google's work with OEMs to remove it from infected devices.

VB2018 paper: Uncovering the wholesale industry of social media fraud: from botnet to bulk reseller panels

Today, we publish the VB2018 paper by Masarah Paquet-Clouston (GoSecure) who looked at the supply chain behind social media fraud.

VB2018 paper: Now you see it, now you don't: wipers in the wild

Today, we publish the VB2018 paper from Saher Naumaan (BAE Systems) who looks at malware variants that contain a wiper functionality. We also publish the recording of her presentation.

Emotet trojan starts stealing full emails from infected machines

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.

VB2018 paper: Who wasn’t responsible for Olympic Destroyer?

Cisco Talos researchers Paul Rascagnères and Warren Mercer were among the first to write about the Olympic Destroyer, the malware that targeted the 2018 PyeongChang Winter Olympic Games. Today, we publish the paper they presented at VB2018 about the…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.