Virus Hits Windows NT

A new computer virus has attacked a large U.S. company in what security firm Network Associates is calling an act of "cyberterrorism."

The virus, which apparently propagates itself on Windows NT networks, was identified today after being detected late last week at an unidentified Fortune 100 company, Network Associates said.

Called "Remote Explorer," the virus can propagate itself over Windows NT networks and on NT workstations, compressing program files so they cannot execute, and encrypting data files so users cannot access them, Network Associates said.

Network Associates expects to post a "detector" for the virus on its Web site within hours, and a "cleaner" to combat the virus will be posted later today.

"It has the potential to do more damage to a business than any virus we've ever seen," said Gene Hodges, Network Associates vice president. "This is the first virus we've ever seen that we think has the potential to grind operations to a halt in a major company."

Because it can propagate itself so rapidly, he termed Remote Explorer as the first instance of "cyberterrorism."

Hodges said the virus steals information from an NT administrator, then uses administrator privileges to spread without any person's involvement.

"It just crawls around a network all by itself," said Hodges, who called it a "smart network virus" that cannot propagate itself over the Net but can be transported over the Internet via email or by posting an infected file.

At the victim company, which Hodges identified only as a Fortune 100 firm, Remote Explorer has affected over 10 locations with several thousand computers. The company is now testing Network Associates' antidote for the virus.

Hodges said the programmer who created Remote Explorer, who has not yet been identified, is knowledgeable about Windows NT as well as Unix systems.

"It's a large virus, 120K compiled, so it was not a trivial programming effort," Hodges said.

The new virus has not been seen elsewhere yet but it can be transported not just via NT but also through machines that run Windows 95, Windows 98, Unix file servers for PC files, and Netware.

Network Associates will post instructions on what to do about Remote Explorer today, with its detector. Both the cleaner file being posted later today requires use of Network Associates' antivirus software, but Hodges said companies can download free evaluation copies to use immediately, then add the cleaner file.



FAQ Articles DirectX Plus98! Downloads Drivers News Archive
Home, Links, Awards, Help, Map, Poll, Newsgroups, Online Chat, Mailing List, Search
Tips & Tricks Guides Bugs & Fixes Themes Reviews Site Contents ActiveIE

HR Line

Copyright (C) 1998-1999 The Active Network. All rights reserved.
Please click here for full terms of use and restrictions.