MCI hit by computer virus
|
|
December 21, 1998: 7:56 p.m. ET
Remote Explorer randomly encrypts files on machines running Windows NT
From Correspondent Bruce Francis
|
NEW YORK (CNNfn) - Employees at MCI WorldCom were confronted with a science fiction scenario made cold fact on Monday when a computer virus struck the company's sprawling network, encrypting and destroying files.
To make things worse, virus consultants Network Associates (NETA) say that the virus -- called "Remote Explorer" -- is unlike any other and may be the smartest, most dangerous computer bug to date.
"We've never seen a virus of this type that has the capabilities, the sophistication and the potential to do such widespread damage so quickly across computer networks," said Peter Watkins, general manager at Network Associates.
MCI called in Network Associates' network security experts when an employee couldn't get to certain computer files. Soon after, the consultants discovered the subversive hand of Remote Explorer at work.
The complexity of the virus alarmed Network Associates, which alerted all its customers worldwide to the threat.
Network Associates still doesn't know how Remote Explorer infected MCI. Perhaps the contagion began with a downloaded file, or through a malicious installation from an employee.
How the virus spreads
Once the virus infects a network server running Microsoft's Windows NT, it quickly hijacks the server, replicating across the network.
Remote Explorer ends up on an individual PC, sometimes masquerading as another piece of software. Then the dirty work begins, as the virus selects folders on the computer and randomly encrypts them, making them unreadable.
Network Associates is now working to unscramble some of MCI's files, but is finding that Remote Explorer is unusually complex -- hundreds of times larger than typical viruses, which can be as small as a few lines of code.
"It was written by a very competent and very sophisticated computer scientist or group of computer scientists who really know what they're doing," Watkins said.
Analysts say that as computer networks become more common, viruses will evolve in step in order to exploit their complex computing environments.
"This is the type of threat network admins are going to have to deal with into the future," said Jim Bladterston, an analyst at Zona Research. "I bet in a year we may be talking about the next generation of virus that does something even more horrendous than this one."
Network Associates spokespeople said MCI (WCOM) was lucky because Remote Explorer was detected before spreading too far.
Another week -- easy to imagine during the hectic holiday season -- and the damage could have been costly and extraordinarily difficult to repair.
As it turns out, MCI said the virus is no longer spreading and no customers were affected, but the company refused to give any further details.
Network Associates stock soared 6-3/8 to 60-3/8 on the news, cracking a new 52-week high.
|
|
|
|
|
|