PC Week: Researchers warn about 'FunLove' virus [targets NT file security system]Nov 12, 1999, 18:25 (6 Talkback[s])
(Other stories by Jim Kerstetter)
"The virus, technically called W32.FunLove, brought down the servers of a large company in Europe and has been detected in companies in the United States as well..."
"The good news is that it shouldn't spread all that fast because it doesn't have the ability to e-mail itself like the Melissa virus, said Charles Renert, director of research at SARC [Symantec AntiVirus Research Center]. The bad news is that it uses a new way to attack the file security system of the Windows NT operating system. The virus may also use the network to spread itself. 'It's a little bit of an evolution as far as virus writing is concerned,' said Renert."
"The virus appears as an executable file running on all flavors of Windows, from Windows 95 on up. The only way to recognize that a machine has been infected is by finding the fclss.exe file the virus drops into the Windows System directory. In turn, it infects applications with EXE, SCR or OCX extensions. ... Once an administrator logs on to NT, the virus modifies the NT kernel so that every user has administrative rights to that machine, regardless of the protection."