RealTime IT News

Virus Attacks MCI Servers

MCI WorldCom became the victim of a new computer virus late last week that experts at a leading network security company are labeling as a new method of attack.

Dubbed Remote Explorer, the virus was uploaded on to a single MCI server. The virus quickly replicated and soon appeared on hundreds of MCI servers, although MCI refuses to comment on how many machines were affected.

The virus can affect Windows NT computers with Intel chips running in administrator mode. It doesn't erase data, rather it encrypts data so it cannot be accessed until the encryption is broken. It also compresses program files so they cannot execute.

Network Associates officials believe they have developed a fix to the problem, but it is still being tested. A spokesman there said they won't know until late Monday night whether the problem has been alleviated.

Gene Hodges, a vice president at Network Associates, said the virus had the ability to grind computer operations at major companies to a halt. He is also labeling the act as one of cyberterrorism since the virus can replicate very quickly.

Hodges said the virus steals information from an NT administrator and uses the administrator's privileges to spread the virus without any intervention. Although the virus has not been detected anywhere else yet, it also has the ability to infect computers running Windows 98 and 95.

Officials at Network Associates are working with MCI to contain the virus which has already reportedly appeared on servers spread across 10 countries. However, MCI refused to confirm those reports and said it contained the virus to its systems. MCI said the virus couldn't be spread by accessing the Web site.

Sources told InternetNews.com that MCI has ordered all its employees to not use any of their desktop systems until they are sure the virus has been contained.