Feeds

Microsoft security fixes infected with FunLove virus

Is this the worst security screw up ever?

  • alert
  • submit to reddit

Security for virtualized datacentres

A virus infection of security fix files on Microsoft's partner and premier support Web sites has forced the software giant to suspend certain downloads for more than a fortnight.

Microsoft issued an alert on Monday, which states that various Hotfix files on its Premier Support and Microsoft Gold Certified Partners Web sites are infected with the FunLove virus.

A copy of the notice said Microsoft has stopped access "in order to protect customers" to an unspecified number of files, and expects to be able to restore access later today. Customers were advised to contact their technical account manager in the interim.

According to a copy of the notice sent to The Register: "Microsoft expects the FunLove infection period spanned approximately two weeks, from Friday, April 6, 2001 to Friday, April 20, 2001."

Microsoft was able to say that a US hosting partner ran both sites and it wasn't able to put us in touch with someone familiar with the issue by the time we went to press.

Eric Chien, chief researcher at Symantec's antivirus research centre, confirmed the information supplied by our informant and said the infection must have resulted in a breakdown of procedures that normally proceed the posting of software by Microsoft.

Any software posted by Microsoft is normally scanned for virus using a variety of anti-virus software, he said, and in this case there must have being a "mix-up" coupled with the use of a virus infected PC in a test and development environment by Microsoft.

Despite what is, by any standard, a monumental security cock-up by Microsoft, Chien said the problem is likely to have a "low impact" because FunLove is an older virus that almost all the security giants partners and enterprise customers are likely to be protected against.

The FunLove virus stopped production at Dell for two days in November 1999 and the virus is considered a particularly nasty bug. In January this year Hewlett-Packard unwittingly distributed printer drivers corrupted by the FunLove virus. ®

Related Stories

Fun Loving Criminals torpedo Dell factory
HP distributes virus infected drivers

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.