---

PC Week: Researchers warn about ‘FunLove’ virus [targets NT file security system]

“The virus, technically called W32.FunLove, brought down the
servers of a large company in Europe and has been detected in
companies in the United States as well…”

“The good news is that it shouldn’t spread all that fast because
it doesn’t have the ability to e-mail itself like the Melissa
virus, said Charles Renert, director of research at SARC [Symantec
AntiVirus Research Center]. The bad news is that it uses a new way
to attack the file security system of the Windows NT operating
system. The virus may also use the network to spread itself.
‘It’s a little bit of an evolution as far as virus writing is
concerned,’
said Renert.”

“The virus appears as an executable file running on all flavors
of Windows, from Windows 95 on up. The only way to recognize that a
machine has been infected is by finding the fclss.exe file the
virus drops into the Windows System directory. In turn, it infects
applications with EXE, SCR or OCX extensions. … Once an
administrator logs on to NT, the virus modifies the NT kernel so
that every user has administrative rights to that machine,
regardless of the protection.”

Complete
Story