Yahoo! News News Home - Yahoo! - Help

CNET
IBM
Home TopStories Business Tech Politics World Local Entertainment Sports Op/Ed Science Health FullCoverage
Technology - CNET
Technology | Reuters | CNET | AP | Reuters Internet Report | ZDNet | TechWeb | USA TODAY | NewsFactor | MacCentral

Microsoft accidentally distributes virus Microsoft accidentally distributes virus
Fri Jun 14, 4:04 PM ET

Robert Lemos

Microsoft accidentally sent the virulent Nimda worm to South Korean developers when it distributed Korean-language versions of Visual Studio .Net that carried the virus, the company acknowledged Friday.

More resources from CNET:
*CNET News.com: Top CIOs
*Non tech gifts for Father's Day, click here!
*Find a job you love. Over 1 million postings.
*Live Tech Help. Submit your question now.
CNET Newsletters:
News.com Daily Dispatch
News.Context (weekly)
News.com Investor (Daily)

More Newsletters
(CNet/ZDNet Privacy Policy)
News.com Video:
* Next round of handwriting software in reach
Microsoft's flagship developer tools picked up the digital pest when a third-party company translated the program into Korean, said Christopher Flores, lead product manager for Visual Studio .Net. Flores stressed that no other foreign-language versions of the program were found to carry the worm, and he said the worm had not actually executed on any developers' systems.

"There have been no recorded infections," Flores said. In fact, he added, it's almost impossible to get the worm to execute on computers with Visual Studio .Net installed.

The infected file is stored in the same location as the help files, Flores said, but it's a file created by Nimda, so the .Net program's help system doesn't know it's there and will never reference--or open--the file. It's unlikely, then, that Nimda would break loose, Flores said.

And if the worm did execute somehow, he said, it couldn't spread to the developer's system because the virus only runs on systems running Internet Explorer 5.5 and lower, and Visual Studio .Net requires version 6.0 of the browser.

"It's extremely unlikely that a developer would ever accidentally get infected by Nimda," said Flores. "They would have to try hard just to run the worm."

Still, the slip up is yet another stain on Microsoft's reputation as the company works to convince the public and the tech community that its products are secure. In a company-wide memo sent last January, Bill Gates ( news - web sites) trumpeted a " trustworthy computing initiative," calling on Microsoft's employees to put security above all else.

Nimda started infecting computers last September and quickly became an epidemic. However, since October, incidents of the worm have dropped.

The Redmond, Wash.-based software giant released Visual Studio .Net in February, and the Korean version made it to market some 90 days ago, Flores said.

The Korean version of the developer tools picked up Nimda from the third-party "localization" company Microsoft hired to translate the program's help system into Korean. That company had already been infected by Nimda and spread the virus to the help tools, which gained an extra, infected file.

Flores said that under Microsoft's security policy, the company normally scans every file being transferred to the master of a program. But in this case, the company only analyzed files it expected to find. Since the Nimda-infected file had been added by the worm, the company overlooked it.

"We have been (scanning all files) in every one of our geographies," Flores said. "There was a loophole in our Korean side that caused us to miss files that we didn't expect to be there."

It wasn't until a Microsoft employee was adding the help documentation to the software giant's developer Web site that the worm was found. "We have to go through a conversion process to an online HTML format," said Flores. "During that process we found an extra file hanging around."

Microsoft has notified all its registered Korean customers, and the company posted a patch to its Web site Thursday night. It also plans to send clean copies of the program to every registered customer free of charge and is attempting to contact developers who may have bought the product but not registered it.

More from > Technology - CNET
Prev. Story: FoxNews.com disabled by attack
Fri Jun 14, 4:04 PM ET - (CNET)
Next Story: FCC considers thin spectrum for wireless
Fri Jun 14, 4:04 PM ET - (CNET)

Email this story - View most popular | Printer-friendly format

Archived Stories by Date:




News Search
Advanced
Search:StoriesPhotosAudio/VideoFullCoverage

Copyright 2002 CNET.
Copyright 2002 Yahoo! Inc. All rights reserved.
Questions or Comments
Privacy Policy -Terms of Service