Two antivirus companies last week jointly announced a new software virus that infects computers running certain versions of Microsoft's Windows NT operating system.
Named WinNT.Infis, the virus is the first one "found in the wild", outside of labs, that is capable of making its way into the highest security level of the operating system, Central Command and Kaspersky Lab announced. Windows NT is Microsoft's high-end operating system, designed mainly for use in servers and workstations.
The WinNT.Infis virus acts as a Windows NT system driver, and is very difficult to detect and remove from an infected computer's memory, Keith Peer, president of Central Command, said last week. It is a file-infecting, memory-resident virus that operates under Windows NT 4.0 with Service Packs 2, 3, 4, 5, 6 installed.
WinNT.Infis does not infect systems running other versions of NT, Windows 95/98 or the forthcoming Windows 2000, Peer said.
The virus was discovered by a company located near Moscow, and reported to Kaspersky Labs' Russia office, Peer said. "More than likely, the virus was planted by someone, maybe a disgruntled employee," he said. "Typically, viruses just don't appear."
The antivirus companies have examined the virus, developed a way of removing it and informed Microsoft, Peer said.
No instances of the virus have been reported in the US, he said.
A Microsoft official confirmed the virus and advised users to contact their antivirus software provider for an upgrade to protect against the virus.
"This virus is using a new means of hiding; part of the move-countermove war that's going on between virus writers and detectors," said Scott Culp, a manager with Microsoft's security response team. "The bottom line is viruses are an important security issue, and customers can protect themselves best by buying good quality antivirus software."