About Me

Toralv Dirro

Toralv Dirro

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

Boot Virus Stoned.Angelina on Medion Laptops sold at Food Discounter Aldi

Thursday, September 13, 2007 at 10:20am by Toralv Dirro
Toralv Dirro

This one forced me to take a panicked look at my calender to check the date, yes, it’s still the year 2007 ;)

Confirming posts in various forums there is indeed a part of the production of Medion MD 96290 Laptops, that were sold at the Food Discounter Aldi in Germany last week, that are infected with the Boot Virus Stoned.Angelina. In a document on their danish website (in danish) Medion describes the incident and provides instructions how to remove the virus.

To make it clear, the name of the virus has got absolutely nothing to do with any famous Hollywood Star! Stoned.Angelina is a Boot Virus that infects the bootsector of floppies and the MBR of hard drives, it doesn’t actually have a payload and was first discovered early in 1994. That was a time when the descriptions of the few viruses known where still in a printed Virus Encyclopaedia…

photo1

How it could happen to get the Laptops that have Microsoft Vista preinstalled infected with this ancient boot virus remains a bit of a mystery. The only way to infect a hard disk with a boot virus is by actually booting from an infected floppy. Nothing I’d expect to be done nowadays when installing Vista…

My old Lab machine for replicating DOS viruses 

One lesson should be taken from this incident: The old viruses are not going away anytime soon. Looking at some customer’s reports of viruses found, there still is the occasional Parity.b, Form.a and Tequila that is found. Some weeks ago even an image of a floppy disk infected with an Amiga virus had been posted in an emulator usenet newsgroup.

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (3)

  • 5h4D0\/\/ hun73r July 14, 2008 2:46PM

    ive recently encountered the stoned virus on a emachines T1090 that has mutated so far with the worms hydras and spiders trojans that its not funny any one have and ideas how to get it off and on to a CD let me know thank you. no matter how hard ive tryed it has been able to rereplicate it self and even change its coding while i try to f-disk the thing we might be facing a new gen of cpu virus’

    Reply
  • Toralv Dirro September 14, 2007 11:10AM

    Nothing to add to Vesselin’s comment, of course. It’s the full technical correct description! ;)

    Actually you may not even see a message about replacing the disk with a bootable one, when the copy of the original boot sector on the floppy disk has been overwritten at a later time. After all it’s the loader in the boot sector that determines there is no system on the floppy to boot from and puts out a message.

    Depending on the virus it may or may not have infected the hard disk immediately, before crashing the machine when trying to execute the destroyed copy of the original boot sector.

    Reply
  • Vesselin Bontchev September 13, 2007 11:29AM

    “The only way to infect a hard disk with a boot virus is by actually booting from an infected floppy.”

    Aw, c’mon, Toralv, after all these years at the VTC and then at Dr. Solomon’s/McAfee, I’d expect you to know better. :-)

    All that is required to infect the hard disk is to *forget* a (not necessarily bootable) infected floppy disk in the A: drive of the computer at boot time – and, of course, the BIOS has to be configured to try to boot from the floppy disk first.

    By the time you get the message that the floppy disk is not bootable, the hard disk is already infected.

    Reply