Feeds

Windows NT systems targeted by new ‘network’ virus

Remote Explorer claims first victim: MCI WorldCom

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

What appears to be the world's first network virus, already dubbed Remote Explorer, has hit telecoms giant MCI WorldCom's network of Windows NT machines. The virus' effects were detected on Thursday, but the cause was only identified yesterday, by Network Associates (NA), developer of the McAfee anti-virus tool. While The Register would never accept the cynical suggestion that virus are being conjoured up by the creators of the antidote applications as a way of boosting business, NA was very quick to describe Remote Explorer as heralding "a new era" in virus technology with the potential to "do more damage to a business than any virus we've ever seen", claim that it was the first real instance of "cyberterrorism", and suggest worried network administrators rush over to its Web site and download the trial version of McAfee and the detector patch. In a statement verging on the admirational, NA said Remote Explorer's programmers had a knowledge of operating systems, networks and business operations that went far beyond the capabilities of most virus creators. MCI WorldCom understandably wanted to play down such hyperbole, and a spokesman simply said that the infection had been quickly contained and "had no impact on our customers or operations". Microsoft's Windows NT group product manager, Jason Garms, was also quick to play down the virus' power, saying it's not much different from other viruses beyond its ability to move rapidly round a network. Remote Explorer -- for once an Explorer that isn't a Microsoft product -- itself differs from more commonplace viruses by attacking not specific machines but the network. According to NA's boffins, it only affects Intel-based machines (and presumably Intel-compatible PCs) running Windows NT in Administrator mode. Once there, it obtains the security information it needs to spread itself around the network. NA reckons it can also travel via Windows 95/98, NetWare and Unix file servers running on Intel hardware As it moves around, Remote Explorer compresses random program files and encrypts data. However, both methods are known, and the NA fix will restore both types of file to their original state, said a Microsoft spokesman. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.