Microsoft accidentally ships Nimda in Korea

June 17, 2002 Sophos Press Release

Microsoft has confirmed that it accidentally distributed to developers a copy of the W32/Nimda virus in Korean versions of its Visual Studio.net package.

The Nimda virus was first seen in September 2001, and can be easily stopped with up-to-date anti-virus software.

According to Christoper Flores, lead product manager for Visual Studio.net at Microsoft, the virus infected a file on the CD after a third party company translated the package into Korean.

Using a vulnerability in Microsoft's IIS web server software, the Nimda virus corrupts websites with malicious code. Without their knowledge, innocent computer users may trigger the virus by simply browsing a website. The virus then forwards itself by email to all addresses found on the user's computer.

There are no reports of anyone having been infected by this new distribution of the virus and Microsoft has published more information on its website at http://msdn.microsoft.com/vstudio/downloads/updates/kohelpfilefix.asp.

"Fortunately, on this occasion, it seems unlikely that people will become infected from this accidental distribution," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "The company which will be most damaged will be Microsoft itself as its credibility in the security arena takes a knock. However, it would be a mistake for other companies to feel smug about Microsoft's misfortune. All companies should put in place proper safe computing guidelines to minimise the risk of virus infection, and ensure their partners and suppliers do the same."

Sophos recommends that users concerned they may be vulnerable to infection ensure they are running a reliable, up-to-date anti-virus product.