It was a report to worry any network manager planning to leave systems unattended over Christmas. On December 21st, the anti-virus software company Network Associates announced it had discovered a new and extremely dangerous form of virus. One major company had suffered an attack in what it said was the first instance of "cyber-terrorism". "It has the potential to do more damage to a business than any virus we've ever seen," said Gene Hodges, Network Associates vice president. "This is the first virus we've ever seen that we think has the potential to grind operations to a halt in a major company."
Unlike most viruses, the new Remote Explorer does not depend directly on users opening an infected file or email message in order to spread. Instead, it moves across a Windows NT network stealthily by using the network administrator's privileges to install itself across the network. The effect, or "payload", of the virus is to compress some files. Network Associates did not name the company which had been attacked but MCI WorldCom was quickly identified as the victim. According to an MCI spokesman, Jim Monroe: "It had no impact on our customers or our operations." He would not specify how widely the virus had spread nor how many computers it had affected.
In a warning bulletin, the US Computer Emergency Response Team (CERT) later said 50 NT servers had been affected. It also played down the overall significance of the new virus by pointing out that only one infestation had been confirmed. Network Associates quickly dropped the "cyber-terrorism" description of the virus attack after being accused of undue hype. However it rejected the charges of rival companies that it had been slow to share knowledge of Remote Explorer with other anti-virus companies.
"We would share it with them immediately, so they should do the same," said Enrique Salem of Symantec, which competes with Network Associates in anti-virus products.
Network Associates said its first priority was to help its customers. "We put the code out there as soon as we could responsibly put it out there," said a spokeswoman.
Meanwhile, a Russian-based security company has warned that the Russian economic downturn may result in an upsurge in hacking, software piracy and virus creation.
According to a spokesman for Aladdin Software Security: "By the end of this year only 50 per cent of Russian software companies will survive. What will the qualified personnel who have been thrown onto the streets do?"
The economic chaos means that demand for pirate software has grown rapidly. "They have put hacking on an industrial track," said Sergei Gruzdev, director of Aladdin Software Security, adding that huge amounts of money could be made from software piracy.