/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsLaura DiDio
Several antivirus vendors, including market leader Symantec Corp., said they’ve
received copies of a W.32 Donut virus designed for the evolving .NET
architecture. In published news reports, Symantec officials noted that because
much of the .NET strategy and accompanying products are still in development and
not widely deployed, there’s little immediate opportunity to do damage. The
next-generation Windows 2000 Server – dubbed Windows .NET Server, for example,
is not due to ship until sometime in the second half of this year.
But this is an ominous portent of things to come. According to the report
released by Symantec’s antivirus team, the W.32 Donut only infects computers
running Windows 2000 and above. When it detects its targeted operating system,
it attempts to infect all files in the directory containing .exe files created
specifically for the .NET framework and in up to 20 directories above it.
Sometimes the virus leaves a message reading: "This cell has been
infected by dot NET virus!
.NET dotNET by Benny/29A." The virus’ author "Benny," is a
19-year-old Czech, who is a member of the hacking group 29A, which is well known
in hacking circles. This is not Benny’s first foray into the world of
Windows-centric viruses: Last year, he gained infamy as the originator of the
W32.Winux virus, the first cross-platform virus known to attack both Windows and
Linux systems.
So with viruses cropping up like weeds on a summer lawn, what does all this
mean to corporate users? For several years now, any software package bearing the
Microsoft logo has been high on hackers’ radar screens. Hacking Microsoft, and
vicariously Bill Gates, has become a blood sport to hackers seeking their 15
minutes of fame. This will not change in the immediate or near future. If
anything, Windows-centric and .NET-specific viruses will proliferate as fast as
the burgeoning popularity of the new Microsoft offerings.
The W.32 Donut virus is obviously meant to scare customers and Microsoft
alike into thinking that .NET servers are vulnerable, and it may succeed – but
it doesn’t have to. Microsoft has made some significant strides in bolstering
the inherent security in its products. However, it is unrealistic to expect that
Microsoft or any software vendor can make its software impervious to viruses
(and other types of) rogue code.
Be prepared, be vigilant and practice good computer security hygiene.
Companies that do not treat networking security with the respect and attention
it deserves will unfortunately suffer the consequences sooner or later. When all
is said and done, corporate data is the lifeblood of your business. Defend it.