funsec mailing list archives

RE: 13-year old boot sector virus shipped on German laptops


From: <Toralv_Dirro () McAfee com>
Date: Mon, 17 Sep 2007 23:05:36 +0100


Well, it's embarrassing enough to find such an old virus...

but this is getting really speculative. 

Unless there is someone on this list who knows about Medion's internal
process to create the images (ok, creating images and using them is
speculative, they may actually install Vista on each laptop separately,
however unlikely that may be) and would like to share details with us ... :)


cheers,
Toralv
 

-----Original Message-----
From: Juha-Matti Laurio [mailto:juha-matti.laurio () netti fi] 
Sent: Montag, 17. September 2007 23:48
To: Dirro, Toralv; Valdis.Kletnieks () vt edu
Cc: funsec () linuxbox org
Subject: RE: [funsec] 13-year old boot sector virus shipped 
on German laptops

I believe that there is no easy way, and answering your
question is difficult.

The interesting thing still is how the virus found its way to 
the production line. And why the virus was so old (and harmless).

- Juha-Matti

Toralv_Dirro () McAfee com wrote: 

Spreading *from* a floppy is easy - try to boot from one, even failing
to load an OS from the floppy will get the virus executed and allow it
to write to hard disk. No matter what OS is on it.

The real question that remains: Is there any step in the production of
the image that does involve booting from a floppy disk at any time?
Friends I consulted about that said no. All of them.

Sabotage? I wouldn't rule it out....


cheers,
Toralv

 

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Montag, 17. September 2007 23:21
To: Dirro, Toralv
Cc: juha-matti.laurio () netti fi; funsec () linuxbox org
Subject: Re: [funsec] 13-year old boot sector virus shipped on 
German laptops

On Mon, 17 Sep 2007 21:49:37 BST, Toralv_Dirro () McAfee com said:
Boot sector viruses don't spread easily (read: 'at all') under current
operating systems. Doesn't matter if there is a floppy or not.

Then how did it propagate *onto* the gold system that got imaged to
create the distributed image on the laptops? :)



