MCI WorldCom became the victim of a new
computer virus late last week that experts at a leading network security company are
labeling as a new method of attack.
Dubbed Remote Explorer, the virus was uploaded on to a single MCI server.
The virus quickly replicated and soon appeared on hundreds of MCI servers,
although MCI refuses to comment on how many machines were affected.
The virus can affect Windows NT computers with Intel chips running in
administrator mode. It doesn’t erase data, rather it encrypts data so it
cannot be accessed until the encryption is broken. It also compresses
program files so they cannot execute.
Network Associates officials believe they have
developed a fix to the
problem, but it is still being tested. A spokesman there said they won’t
know until late Monday night whether the problem has been alleviated.
Gene Hodges, a vice president at Network Associates, said the virus had the
ability to grind computer operations at major companies to a halt. He is
also labeling the act as one of cyberterrorism since the virus can
replicate very quickly.
Hodges said the virus steals information from an NT administrator and uses
the administrator’s privileges to spread the virus without any
intervention. Although the virus has not been detected anywhere else yet,
it also has the ability to infect computers running Windows 98 and 95.
Officials at Network Associates are working with MCI to contain the virus
which has already reportedly appeared on servers spread across 10
countries. However, MCI refused to confirm those reports and said it
contained the virus to its systems. MCI said the virus couldn’t be spread
by accessing the Web site.
Sources told InternetNews.com that MCI has ordered all its employees to not
use any of their desktop systems until they are sure the virus has been
contained.