FunLove virus uncommon, but may affect NT security

A new computer virus dubbed "FunLove" has emerged that can attack Windows NT's file security system, according to officials at three top antivirus software vendors.

However, FunLove isn't likely to spread quickly and doesn't pose a major threat to users' systems, the officials added.

"We are in low alert mode on this virus. We don't think it will spread far, and we don't think it will affect many people," said Dan Schrader, vice president of new technology with antivirus software firm Trend Micro.

W32.FunLove.4099, to give the virus its proper title, affects 32-bit Windows 95 and Windows NT files by attaching itself to applications that have .exe, .scr and .ocx extensions. The virus spreads when a user accesses an infected file on a server, Schrader said.

For the average infected user, FunLove's payload isn't severe. It causes a text message to pop up on the user's machine that reads "Fun Loving Criminal," and then attempts to reboot the user's machine, which could cause data loss.

The problem becomes more severe when the virus reached a network administrator's system, said Charles Renert, director of research with Symantec.

"The virus compromises security settings for that system, and the net effect is that administrative rights become accessible to all users via that machine," Renert said.

Only one large firm has reported widespread infection so far, Renert said. The company, which he wouldn't identify, was hit with the virus in France before FunLove spread to its affiliate offices in the US.

Despite its potential to disrupt security settings, Trend Micro doesn't consider the virus a significant threat, in large part because it only affects users who open an infected file when they are in DOS mode, Schrader said.

Antivirus software vendor Network Associates also has given the virus a low priority.

"We haven't had any major reports of it in the US, and we discovered it on Tuesday," said an NAI spokesman.