Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Microsoft Inadvertently Shares Nimda Worm
Software giant says CDs shipped to South Korea were infected, but claims virus is not likely to spread.
Sam Costello, IDG News Service
Wittier members of the security community are sometimes prone to joking about the susceptibility of some Microsoft products to virus infection and propagation. Usually, those are viruses coming from the Internet and through e-mail, but on Friday Microsoft said that it had inadvertently shipped copies of the company's Visual Studio .Net development tool containing the Nimda virus to South Korea.
No infections have resulted from the CDs, Microsoft says.
The infection came as the result of an oversight at a Korean company that Microsoft contracts with to translate its applications and help files into Korean, says Chris Flores, lead product manager for Visual Studio .Net at the Redmond, Washington-based Microsoft.
Hidden in Help Files
The infected file is contained within a help file archive and is never accessed by Visual Studio .Net, making it extremely difficult for the infection to be spread, he says. A user would have to know the name of the file and its location and use a separate utility to extract it in order to spread the virus, he adds.
Additionally, Visual Studio .Net requires the installation of Internet Explorer 6.0, a version of the browser that is patched against Nimda, Flores says.
The issue is "a very low risk, but nonetheless an important security issue," he says.
Nimda first appeared on the Internet in mid-September 2001, spreading through multiple methods, including e-mail, Web pages, file shares, and security holes in Microsoft's Internet Information Services Web server. The worm eventually infected hundreds of thousands of computers worldwide and continues to spread at a much slower pace.
Antivirus firm Trend Micro counts just over 11,200 new Nimda infections in the last 30 days in Asia.
Problem Solved
The infected file was included on the disc due to a Nimda outbreak and the failure of a quality assurance process at the South Korean company, Flores says. When checking the discs, only files that the company expected to be present were searched for, rather than all files, thus allowing unexpected files to slip through, he says.
The proper process is now in place in South Korea and Microsoft has also checked to ensure that other international contractors are using it as well, he says.
Microsoft found the infection in mid-May when it was disassembling the help files for upload to its Microsoft Developer Network Web site, Flores says. The company has since created a patch to repair the problem and is also offering users of the Korean version of Visual Studio .Net uninfected CDs, he says.
The patch and information about how to obtain the new CDs is available on Microsoft's Web site.
Mobile Computing
Top Selling Laptops
Featured APC Accessories
-
APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
-
APC Smart-UPS Loaded with cutting-edge features, unique battery life predictor, unbeatable on-line efficiencies and software agents allowing remote UPS monitoring. Get 10% off your entire kart purchase!
People who read this also read:
Best Prices on Antivirus Software
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.95
Anti-virus 2010 (OEM Product, 1 User)Price: $21.66
Norton AntiVirus 2009 (Full Product)Price: $16.89
AntiVirus 2010 (Full Product)Price: $24.95
VirusScan Plus 2009 (Full Product, 1 User)Price: $13.88
Anti-Virus 2009 (Full Product)Price: $15.04
-
Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...
