WITTIER MEMBERS OF the security community are sometimes prone to joking about the susceptibility of some Microsoft products to virus infection and propagation. Usually, those are viruses coming from the Internet and through e-mail, but on Friday Microsoft said that it had inadvertently shipped copies of the company's Visual Studio .Net development tool containing the Nimda virus to Korea.

   ADVERTISEMENT
  

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by Microsoft

RELATED LINKS
»  IE 7 bug reopens debate over patch responsibilities
»  Woman ordered to pay for file-sharing will appeal
»  McAfee to buy SafeBoot for $350M
»  Security RSS feed 

IDG ENTERPRISE NETWORK
Research Reports  (CIO)
Ask the Expert  (CIO)

TOP NEWS 


IT SOLUTION SEARCH
No infections have resulted from the CDs, Microsoft said.

The infection came as the result of an oversight at a Korean company that Microsoft contracts with to translate its applications and help files into Korean, said Chris Flores, lead product manager for Visual Studio .Net at the Redmond, Wash.-based Microsoft.

The infected file is contained within a help file archive and is never accessed by Visual Studio .Net, making it extremely difficult for the infection to be spread, he said. A user would have to know the name of the file and its location and use a separate utility to extract it in order to spread the virus, he added.

Additionally, Visual Studio .Net requires the installation of Internet Explorer 6.0, a version of the browser that is patched against Nimda, Flores said.

The issue is "a very low risk, but nonetheless an important security issue," he said.

Nimda first appeared on the Internet in mid-September 2001, spreading through multiple methods, including e-mail, Web pages, file shares and security holes in Microsoft's IIS (Internet Information Services) Web server. The worm eventually infected hundreds of thousands of computers worldwide and continues to spread at a much slower pace.

Antivirus firm Trend Micro counts just over 11,200 new Nimda infections in the last 30 days in Asia.

The infected file was included on the disc due to a Nimda outbreak and the failure of a quality assurance process at the Korean company, Flores said. When checking the discs, only files that the company expected to be present were searched for, rather than all files, thus allowing unexpected files to slip through, he said.

The proper process is now in place in Korea and Microsoft has also checked to ensure that other international contractors are using it as well, he said.

Microsoft found the infection in mid-May when it was disassembling the help files for upload to its Microsoft Developer Network Web site, Flores said. The company has since created a patch to repair the problem and is also offering users of the Korean version of Visual Studio .Net uninfected CDs, he said.

The patch and information about how to obtain the new CDs is available at http://msdn.microsoft.com/vstudio/downloads/updates/kohelpfilefix.asp.