Two anti-virus companies have jointly announced a new software virus that infects computers running certain versions of Microsoft's Windows NT operating system.
Named WinNT.Infis, the virus is the first one "found in the wild," outside of labs, that is capable of making its way into the highest security level of the operating system, Central Command and Kaspersky Lab announced. Windows NT is Microsoft's high-end operating system, designed mainly for use in servers and workstations.
The WinNT.Infis virus acts as a Windows NT system driver, and is very difficult to detect and remove from an infected computer's memory, Keith Peer, president of Central Command, said today. It is a file-infecting, memory-resident virus that operates under Windows NT 4.0 with Service Packs 2, 3, 4, 5, 6 installed.
WinNT.Infis does not infect systems running other versions of NT, Windows 95/98 or the forthcoming Windows 2000, Peer said.
The virus was discovered by a company located near Moscow, and reported to Kaspersky Labs' Russia office, Peer said. "More than likely, the virus was planted by someone, maybe a disgruntled employee," he said. "Typically, viruses just don't appear."
The anti-virus companies have examined the virus, developed a way of removing it and informed Microsoft, Peer said.
No instances of the virus have been reported in the US, he said.
A Microsoft official confirmed the virus and advised users to contact their anti-virus software provider for an upgrade to protect against the virus.
"This virus is using a new means of hiding; part of the move-countermove war that's going on between virus writers and detectors," said Scott Culp, a manager with Microsoft's security response team. "The bottom line is viruses are an important security issue, and customers can protect themselves best by buying good quality anti-virus software."
Detection and removal capabilities for the WinNT.Infis virus has been added to Central Command's AntiViral Toolkit Pro anti-virus database that can be found on the Web at http://www.avp.com.