A new and powerful Windows NT eating virus mounted a massive attack against
telecom giant MCI WorldCom. Thousands of servers and workstations were
infected at 10 sites, forcing those sites off MCI's WAN (Wide Area Network)
until a costly cleanup effort eradicated the pest. Service to customers was
not directly affected [critical communications systems run on Unix -ed].
The new virus is called Remote Explorer. Upon arriving at a Windows NT computer, Remote Explorer corrupts the system, then looks for other NT servers and workstations on the network to infect. The virus is timed to move at night and on weekends when systems monitoring is less intense.
This virus is of intense interest to corporations who have recently moved from Windows95 to Windows NT to escape attacks by Cult of the Dead Cow's Back Orifice.
Unix, Linux, NetWare and OS/2 servers and workstations are immune from infection by this virus (and most others). The virus can, however, live in Windows files stored on non-Microsoft servers and will spring to life when copied to a Windows NT computer.
Infection can be detected by calling up the "services" screen and checking for a service named Remote Explorer. If found, kill all your network hubs and routers, turn off the Remote Explorer service, and call your virus protection vendor for an downloadable fix. Check every Windows NT computer that was attached to your network. This is a persistent virus and can reappear after you think you are clean if not 100% removed from all computers. Future versions will undoubtably use a more unidentifiable service name.
©:Andrew Grygus - Automation Access
All linked pages are copyright © the original creator.
Velocity Networks: Network Consulting Service - Internet Service Provider - Web Page Design and Hosting
All trademarks and trade names are recognized as property of their owners