• PC World
• »Security

Wittier members of the security community are sometimes prone to joking about the susceptibility of some Microsoft products to virus infection and propagation. Usually, those are viruses coming from the Internet and through e-mail, but on Friday Microsoft said that it had inadvertently shipped copies of the company's Visual Studio .Net development tool containing the Nimda virus to South Korea.

No infections have resulted from the CDs, Microsoft says.

The infection came as the result of an oversight at a Korean company that Microsoft contracts with to translate its applications and help files into Korean, says Chris Flores, lead product manager for Visual Studio .Net at the Redmond, Washington-based Microsoft.

Hidden in Help Files

The infected file is contained within a help file archive and is never accessed by Visual Studio .Net, making it extremely difficult for the infection to be spread, he says. A user would have to know the name of the file and its location and use a separate utility to extract it in order to spread the virus, he adds.

Additionally, Visual Studio .Net requires the installation of Internet Explorer 6.0, a version of the browser that is patched against Nimda, Flores says.

The issue is "a very low risk, but nonetheless an important security issue," he says.

Nimda first appeared on the Internet in mid-September 2001, spreading through multiple methods, including e-mail, Web pages, file shares, and security holes in Microsoft's Internet Information Services Web server. The worm eventually infected hundreds of thousands of computers worldwide and continues to spread at a much slower pace.

Antivirus firm Trend Micro counts just over 11,200 new Nimda infections in the last 30 days in Asia.

Problem Solved

The infected file was included on the disc due to a Nimda outbreak and the failure of a quality assurance process at the South Korean company, Flores says. When checking the discs, only files that the company expected to be present were searched for, rather than all files, thus allowing unexpected files to slip through, he says.

The proper process is now in place in South Korea and Microsoft has also checked to ensure that other international contractors are using it as well, he says.

Microsoft found the infection in mid-May when it was disassembling the help files for upload to its Microsoft Developer Network Web site, Flores says. The company has since created a patch to repair the problem and is also offering users of the Korean version of Visual Studio .Net uninfected CDs, he says.

The patch and information about how to obtain the new CDs is available on Microsoft's Web site.