[ISN] Microsoft security fixes infected with FunLove virus

From: InfoSec News (isnat_private)
Date: Wed Apr 25 2001 - 13:36:35 PDT


    http://www.theregister.co.uk/content/8/18516.html
    
    By: John Leyden
    Posted: 25/04/2001 at 17:20 GMT
    
    A virus infection of security fix files on Microsoft's partner and
    premier support Web sites has forced the software giant to suspend
    certain downloads for more than a fortnight.
    
    Microsoft issued an alert on Monday, which states that various Hotfix
    files on its Premier Support and Microsoft Gold Certified Partners Web
    sites are infected with the FunLove virus.
    
    A copy of the notice said Microsoft has stopped access "in order to
    protect customers" to an unspecified number of files, and expects to
    be able to restore access later today. Customers were advised to
    contact their technical account manager in the interim.
    
    According to a copy of the notice sent to The Register: "Microsoft
    expects the FunLove infection period spanned approximately two weeks,
    from Friday, April 6, 2001 to Friday, April 20, 2001."
    
    Microsoft was able to say that a US hosting partner ran both sites and
    it wasn't able to put us in touch with someone familiar with the issue
    by the time we went to press.
    
    Eric Chien, chief researcher at Symantec's antivirus research centre,
    confirmed the information supplied by our informant and said the
    infection must have resulted in a breakdown of procedures that
    normally precede the posting of software by Microsoft.
    
    Any software posted by Microsoft is normally scanned for viruses using a
    variety of anti-virus software, he said, and in this case there must
    have been a "mix-up" coupled with the use of a virus-infected PC in a
    test and development environment by Microsoft.
    
    Despite what is, by any standard, a monumental security cock-up by
    Microsoft, Chien said the problem is likely to have a "low impact"
    because FunLove is an older virus that almost all the security giant's
    partners and enterprise customers are likely to be protected against.
    
    The FunLove virus stopped production at Dell for two days in November
    1999 and the virus is considered a particularly nasty bug. In January
    this year Hewlett-Packard unwittingly distributed printer drivers
    corrupted by the FunLove virus.
    
    ISN is hosted by SecurityFocus.com
    



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 00:44:21 PDT