Symantec, Network Associates Programs Spot New Virus

Both virus-fighters work through the holiday for cure.

Rival anti-virus developers Network Associates and Symantec both have detection utilities for a new, self-replicating, server-based virus, and both expect to spend part of the Christmas holidays searching for a vaccine. Network Associates reported that the virus called Remote Explorer showed up last weekend at MCI WorldCom. It is unusual because it resides on a Windows NT server and replicates across nodes on a network, encrypting files as it goes, according to Network Associates representatives.

Both Symantec and Network Associates, the leading vendors of antivirus software programs, have posted detection utilities for Remote Explorer on their Web sites. Users can download them free of charge. Users of Symantec’s Norton AntiVirus 5.0 can check a Windows NT system for the virus by looking in the Service applet in the control panel. If it lists a service called Remote Explorer, the system may be infected by this virus. Symantec invites customers who believe their files are infected to submit file samples to the research labs, shared with IBM’s T.J. Watson Research Center, at avsubmit@symantec.com, using the subject line Remote Explorer.

Norton AntiVirus customers can click the LiveUpdate button in the program to connect to Symantec’s Web site to update their software with the detection utility, or download the Intelligent Updater from the Symantec Web site. Network Associates has posted a detection program for download from its Web site. Users of VirusScan can update automatically via the program. Others may go to the McAfee PC Clinic to run an online check. Network Associates also invites users to send files that may be infected with Remote Explorer to their labs via e-mail at virus_research@nai.com or virus_research_europe@nai.com. Both vendors expect to have a repair program for the virus available by next week.

This virus apparently must get into a system administrator's account to infect a server. The developers say Remote Explorer cannot automatically pass through firewalls. Remote Explorer is unusually large; it comprises about 120KB of binary code, while the typical virus is 2K. The new virus is written in C, which is also unusual; most are written in Visual Basic.

Source: PC World

 

FAQ Articles DirectX Plus98! Downloads Drivers News Archive
Home, Links, Awards, Help, Map, Poll, Newsgroups, Online Chat, Mailing List, Search
Tips & Tricks Guides Bugs & Fixes Themes Reviews Site Contents ActiveIE

HR Line

Copyright (C) 1998-1999 The Active Network. All rights reserved.
Please click here for full terms of use and restrictions.