Virus Targets Microsoft Web Services Software


Someone has written a virus targeting Microsoft's Web services software, which has yet to be released, security experts said Wednesday.

The "proof-of-concept" virus was sent by its Czech author to antivirus vendors so they could work with Microsoft on a fix, says Craig Schmugar, virus research engineer at Network Associates.

The virus, called W32/Donut, targets executable files created for Microsoft's .NET Web services technology under which software will be available online as a service to anyone using any device. The threat from the virus is low since the .NET software is still being tested by developers and has not yet been installed on a lot of machines, according to Schmugar. In addition, the virus does not spread itself via e-mail or Web browsers, but requires someone to save an infected file to a computer hard drive for it to infect other files, he says.

"It does not have any significant chance to become widespread," Symantec said in a statement. "However, it shows that virus writers are paying close attention to the new .NET architecture from Microsoft and are attempting to understand the framework that eventually will be available on most systems."

By its very nature, Microsoft's Web services will provide a relatively easy way for nasty code to spread, Schmugar says.

"[The .NET technology is so Web-based that there's already a propagation method," he says. "There's a good chance that by the time [.NET is fully released there could be a virus that's ready to exploit it."

Microsoft security experts were not immediately reachable for comment.

The Redmond, Wash.-based software giant has been criticized by computer security experts for developing software that too readily allows code to perform executions on Windows systems, opening the door to viruses that steal data, delete files or leave open back doors on systems for future hacking.

Copyright 2000 Reuters Limited. All rights reserved.

Republication or redistribution of Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Reuters.

Reuters shall be not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.