funsec mailing list archives

RE: 13-year old boot sector virus shipped on German laptops

From: <Toralv_Dirro () McAfee com>
Date: Mon, 17 Sep 2007 21:49:37 +0100


Boot sector viruses don't spread easily (read: 'at all') under current
operating Systems. Doesn't matter if there is a floppy or not

INT 13 is all they know and care about, all real 32bit OS use their own
drivers, not the BIOS to adress floppies. They get killed during the
startup of the OS.


cheers,
Toralv

PS: I did blog about it somewhere here:
http://www.avertlabs.com/research/blog :)

-----Original Message-----
From: funsec-bounces () linuxbox org 
[mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio
Sent: Sonntag, 16. September 2007 01:12
To: funsec () linuxbox org
Subject: [funsec] 13-year old boot sector virus shipped on 
German laptops

Some references:

http://sunbeltblog.blogspot.com/2007/09/german-computer-maker-
ships-laptops.html
http://www.virusbtn.com/news/2007/09_14.xml
http://www.medion.de/popup_md96290.htm
http://www.bullguard.com/support/tech-guides/how-to-remove-sto

nedangelina.aspx


After digging the specifications from Medion's site it 
appears that these models (MD 96290 Notebook) don't include a 
floppy drive:
http://www.medion.de/md96290/nord/_content/techdetails/index.html

This is the only good news, the virus can't spread so easily.

I have written this entry
http://blogs.securiteam.com/?p=998

too and posted the case to /.
http://it.slashdot.org/article.pl?sid=07/09/15/1623230

- Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



Firmensitz:     Muenchen 
Amtsgericht:     AG Muenchen 
Handelsregister:   HRB 144340 
Geschaeftsfuehrer:   Eric F. Brown, Anthony E. Ruiseal
Bankverbindung:   ABN-Amro Bank N.V. Konto 671 211 9006 
UST-ID:   DE168122444 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

13-year old boot sector virus shipped on German laptops Juha-Matti Laurio (Sep 15)
- RE: 13-year old boot sector virus shipped on German laptops Richard M. Smith (Sep 15)
- RE: 13-year old boot sector virus shipped on German laptops Toralv_Dirro (Sep 17)
  - Re: 13-year old boot sector virus shipped on German laptops Valdis . Kletnieks (Sep 17)
    - RE: 13-year old boot sector virus shipped on German laptops Toralv_Dirro (Sep 17)
- <Possible follow-ups>
- RE: 13-year old boot sector virus shipped on German laptops Gregory Hicks (Sep 15)
- RE: 13-year old boot sector virus shipped on German laptops Juha-Matti Laurio (Sep 17)
  - RE: 13-year old boot sector virus shipped on German laptops Toralv_Dirro (Sep 17)