Boot virus shipped on German laptops

Posted by   Virus Bulletin on   Sep 14, 2007

Aged malware installed on batch of Vista systems.

A consignment of laptops from German manufacturer Medion, sold through German and Danish branches of giant retail chain Aldi, have been found to be infected with the boot sector virus 'Stoned.Angelina', first seen as long ago as 1994 and last included on the official WildList in 2001.

According to German sources, anywhere between 10,000 and 100,000 systems may be infected, but as the machines apparently ship without floppy drives the virus is unlikely to spread. The systems come pre-installed with Windows Vista and Bullguard anti-virus, which will warn of the 'harmless' infection on booting the machines, but is unable to remove it.

Bullguard has provided a special removal tool to remove the offending code, but the incident has highlighted the vulnerability of newer security products to older threats thought long extinct. Some products may even have removed modules designed do deal with boot sector viruses and other elderly threats to improve performance.

'This is a reminder that old viruses never really die,' said John Hawes, Technical Consultant at Virus Bulletin. 'Malware that's been off the radar for years often pops up when least expected, after someone digs out an old floppy or boots up an ancient system, and security firms have a duty to maintain protection against older threats for just this kind of eventuality. It should also remind product makers of the need for thorough security processes and screening before releasing products to market - in this case the only real harm has been to the manufacturer's reputation, but shipping infected goods can have much more serious consequences.'

A report on the incident from heise security (in German) is here, with an announcement from Medion (also in German) here. Removal instructions from Bullguard are here.

Posted on 14 September 2007 by Virus Bulletin



Latest posts:

Standalone product test: FireEye Endpoint

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

VB2017 video: Consequences of bad security in health care

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at…

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

VB2017 paper: The (testing) world turned upside down

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical…