First Windows 2000 virus found
28 February, 2000 12:49
As Microsoft developers were diligently developing code for Windows 2000, so too were developers from the dark side -- virus writers -- busily preparing the first batch of their infectious code.
Windows 2000 made its public debut just 11 days ago. Already, the first native virus has surfaced for the brand-new operating system. The virus is dubbed W2K.Infis.4608, according to a report from Symantec, the maker of Norton AntiVirus.
Luckily, or unluckily, this virus only spreads if you're online and logged on with administrator privileges, says Charles Rennert, director of research at Symantec's AntiVirus Research Center.
Through lab tests, SARC researchers have determined that the W2K.Infis.4608 virus loads a driver called inf.sys into your Windows NT system32\drivers folder. If you see this file in your system's drivers directory, you have the virus.
You can also find another indication of infection in your Windows registry files. It's likely that the virus is there if you also see this key: hklm\system\CurrentControlSet\Services\inf.
Equal opportunity infections
W2K.Infis.4608 is a variant of an older, low-risk Windows NT virus called WNT.Infis.4608, which infects certain executable Windows files, according to McAfee.com, maker of VirusScan. The viruses spread only if you're logged on as an administrator.
At this point, Symantec is labelling the virus low-risk, as there have been no reports of infection in the wild, Rennert says. Also, the level of destruction from the virus is negligible.
While the virus won't harm your system, it serves as a reminder to log off as soon as you're done with your tasks as administrator, Rennert says. Often, the most damaging hacker and virus attacks occur when you go online as administrator because an attacker or virus could effectively bring down your entire network.
As Windows 2000 viruses materialise, it's important to note that most 32-bit viruses written for Windows 95 and 98 are also Windows 2000-compatible.
A fix is expected to be available on Symantec's site early this week (http://www.symantec.com).