Microsoft Ships Nimda To Korea

Last September's super virus comes free with the Korean-language version of Visual Studio .NET

Microsoft warned Thursday that copies of its Visual Studio .NET development kit designed for Korea are infected with the Nimda worm.

The company recommended that affected sites immediately install a special program, available from its site, that is designed to clean the infected files.

According to Microsoft, the infected files contain an "inert" copy of the Nimda virus, which is "extremely" unlikely to be activated by users.

In a bulletin about the incident, Microsoft said the Nimda infection was detected in the compressed help files included in the Web stress-testing tool that is shipped with the Korean language version of Visual Studio .NET.

Visual Studio .NET is Microsoft's tool set for building XML Web services. Pricing for the package starts at $1,079.

Citing a desire to "protect customers from the potential actions of any malicious parties," Microsoft declined to provide detailed information about the precise location of the virus and the steps required to activate it.

Nimda first stormed the Internet last September. The complex worm, which targets vulnerable Windows desktop systems and servers, uses several methods to spread.

Microsoft said the Nimda-infected help files are part of Application Center Test (ACT). Use of the ACT system will not activate the virus, nor can it be spread by projects deployed through Visual Studio .NET, according to the company.

Nimda claimed numerous high-profile victims last year, including Microsoft. Pages at the company's Frontpage product site showed evidence of a Nimda infection last September, triggering some visitors' anti-virus software. Microsoft claimed the site was not directly compromised but instead contained remnants of an infection from a third-party content provider.

Besides a mass-mailer that propagates the worm through an infected attachment, Nimda spreads by scanning for unpatched Microsoft IIS Web servers and open network shares. Viewing infected Web pages on Nimda-compromised servers with an unpatched Internet Explorer browser can spread the infection. The worm can also infect executable files.

By Brian McWilliams

Before it's here, it's on the Bloomberg Terminal.