By Joey Gardiner, 12 July 2002 16:30
Anti-virus firm Network Associates has been forced to issue a hot-fix for its McAfee software after it became apparent that some versions were having trouble picking up the Klez virus.

The problem occurs when the Klez worm tries to spread itself via shared files on a network. On some anti-virus software configurations, McAfee does not pick up the worm until it has been executed, meaning it is free to spread as an embedded file within networks.

David Emm, product marketing manager at McAfee, told silicon.com: "This was an issue relating to the way that McAfee scanned locked files, and we've done a hot fix to sort this out."

He advised concerned users to contact their supplier or customer support line to obtain the fix.

SecurityFocus newsgroup contributor Nate Nord, who first noticed the problem, said: "The problem is that the Klez virus distributes itself using network shares and .rar files and McAfee, even though it scans them, sees them as being completely clean. You can even tell McAfee to scan individual infected files and it will not detect the virus.

"Only if the files are opened and executed will McAfee detect it but this still leaves the transport mechanism open. The virus still has the ability to completely infect a network... eventually finding unprotected machines and leaving infected files everywhere."

He added: "I have a network loaded with infected shares and McAfee is basically clueless... Norton detects the virus immediately regardless of how it is transferred."

The news comes as Klez continues to dominate the virus charts. Anti-virus firm MessageLabs has rated the virus the most prolific ever, and now has seen over twice as many copies of it as the next most popular virus, SirCam.

Shares in Network Associates plummeted 18 per cent yesterday as it announced second quarter results showing strong growth, but a conservative outlook for future quarters.