Intel LANSpool disks carried Michelangelo

In March 1992, Intel said it had stopped shipping LANSpool 3.01, a print-server utility for Novell NetWare networks. Some official 5.25-inch distribution diskettes carried the Michelangelo boot-sector virus. The infection reached customers through Intel product media, not through a user-downloaded crack or unrelated bulletin board copy.

For a network print utility, that meant one contaminated disk could enter the shared office computing environment through an administrator doing ordinary setup work. The risky action was not experimentation; it was installing a trusted vendor product.

The affected scope was specific. Contemporary reports named the LANSpool 3.01 builds for NetWare 2.1x and 2.2x networks and for NetWare 3.1x networks, and limited the known infected media to 5.25-inch floppy disks. UPI reported that Intel's worst-case estimate was 850 infected units and that Michelangelo was inadvertently shipped on 839 diskettes.

Michelangelo was a DOS boot-sector virus from the Stoned family. It stayed quiet until March 6, then overwrote early hard-disk sectors on infected PCs. That made Intel's timing urgent: LANSpool had begun shipping in January, and the public warning came days before the trigger date.

Intel advised customers who bought LANSpool 3.01 to take precautions, sent antivirus software to customers, and released LANSpool 3.02 as a tested replacement. This is an accidental physical-media supply-chain case. The trusted artifact was the disk in the box.

Motive

Not Applicable

Attribution

Accidental

Cause

Manufacturing Error

Transitive

No

Actor

Accidental

• Intel forced to delay LANSpool 3.01 because of Michaelangelotechmonitor.ai
• Intel warns of possible software virusupi.com
• Virus forces halt, Intel Corp. said itchicagotribune.com
• Michelangelo (computer virus)en.wikipedia.org