Anti-virus company Network Associates is so far refusing to share the code behind a supposed new virus that it claims is a potential danger to computers running Windows NT.
Competitor Sophos was furious today that arch rival Network Associates had broken the unofficial code of conduct amnongst virus companies. This would usually mean that when a new virus is potentially in the wild, all anti-virus companies share the code for the benefit of users and to help stop the spread of the virus.
Network Associates has been crowing today about the discovery of this new type of virus that can spread over a network without user intervention and infect both NT workstations and servers.
According to the company, the 'Remote Explorer' virus was discovered a week ago when a customer, MCI WorldCom, contacted the company about corrupted files on a number of systems.
But Network Associates has not revealed any information on the virus yet to other anti-virus companies and has only posted a fix for its own software on its website. As a result, customers with other anti-virus software could be left without protection.
Paul Ducklin, technical director at anti-virus company Sophos commented: ?It is a break in pattern, usually a company would send out samples of a new virus and we all work on fixes. However, if it is as bad as they say, it is strange that no one else has had reports of it in the wild."
?I?m afraid this smacks of March 1992 when Network Associates, then McAfee, said the Michael Angelo virus would be the end of the world, but nothing happened. They seem to be buttering their own bread without letting anyone else get at the margarine,? he said.
Helen Flynn, security analyst at Gartner Group, said that it is common practice for virus companies to share information between each other.
?Perhaps they wanted to issue the press release before any of the other companies could,? she commented.
She added that Network Associates recently had a poor record for customer service. ?We have had an increasing number of customers in the UK calling us to say they have problems contacting anyone at the company.?
Network Associates were unavailable to comment on the accusations.
In a conference call on Friday, Peter Watkins, general manager and vice president of Network Associates? Net Tools Secure division, called the virus a ?serious threat? to corporate networks.
?It uses the network to propagate itself. Once it has infected one system it can spread to other systems over the network,? explained Watkins. It then encrypts certain file types, including program files and HTML files, making them unreadable.
But the one affected customer so far, MCI WorldCom, said the virus had been very quickly contained, had ?no impact? on businss at the company and had left no damage.
Network Associates gave VNU Newswire the following information although there is no independent confirmation. The company said the virus can ?impersonate? an NT domain administrator and install itself as a process on an NT server. It consists of a file called IE403R.SYS accompanied by a .DLL file that helps it to propagate itself.
It says further that while the virus can only infect Windows NT systems, files that contain the virus can be stored on other Windows systems or UNIX workstations. The virus appears to be exceptionally elaborate - it is about 125Kbytes and consists of 50,000 lines of C program code.
To see whether a system is infected, NT users can open the ?Services? window in the NT Control Panel. If it lists ?Remote Explorer? as a service, the system is infected.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago