January 14, 2000 Web posted at: 12:44 p.m. EST (1744 GMT) by Terho Uimonen

From...

(IDG) -- Antivirus software vendor F-Secure announced that it has received a sample of the first virus written specifically to operate under Microsoft's forthcoming Windows 2000 operating system.

Known as Win2K.Inta or Win2000.Install, F-Secure does not consider the virus to be a big threat however, since it has received no reports that the virus is "in the wild," meaning that it has not yet been discovered outside of controlled environments, said Mikko Hyppönen, manager of antivirus research at the Espoo, Finland-based company.

The virus operates only under Windows 2000 and is not designed to function at all under older versions of Windows. Microsoft is scheduled to start commercial shipments of the new operating system by mid-February.

"The interesting thing is that it already exists, not that it is a big threat," said Hyppönen. "It will probably not have much of a life-span in the real world since ours, as well as other antivirus software programs, already can handle it."

From now on however, most new viruses are likely to include compatibility with Windows 2000, Hyppönen added. "Windows 2000 will be a widely used operating system, and virus writers target the widest possible reach."

F-Secure received a sample of the virus via an anonymous e-mail, as did several other leading antivirus software vendors, Hyppönen said.

MORE COMPUTING INTELLIGENCE

IDG.net home page

It's time to prepare for Windows 2000

Download free PC software fast

IDG.net's personal news page

IDG.net's products pages

Reviews & in-depth info at IDG.net

E-BusinessWorld

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletters

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

The virus was probably written by a known, international group of virus writers known as the 29A virus group, he said. "It is the first Windows 2000 virus, so I think they are mainly after the media attention -- they want their five minutes of fame."

Win2K.Inta works by infecting program files and spreads from one computer to another when these files are exchanged. Once infected, the files do not grow in size, according to F-Secure, and the virus is capable of infecting files with the following extensions: EXE, COM, DLL, ACM, AX, CNV, CPL, DRV, MPD, OCX, PCI, SCR, SYS, TSP, TLB, VWP, WPC and MSI.

This list includes several classes of programs that to date have not been susceptible to virus infection, F-Secure said. For example, this virus will analyze Microsoft Windows Installer files (MSI), scan them for embedded programs and infect them, the company said in a statement.

The virus contains this text string, which is never displayed: ( Win2000.Installer) by Benny/29A & Darkman/29A, according to F-Secure.

Formerly known as Data Fellows, the Finnish software company was founded in 1988 and late last year changed its name to F-Secure. Its North American headquarters are in San Jose, Calif.

Terho Uimonen is Scandinavia bureau chief for the IDG News Service.