Microsoft gives a virus to its support customers

Microsoft Corp. said last week that files on one of its Web servers had been infected by a virus, and could have been downloaded by customers of its corporate support services in the United States.

“Microsoft received notification of some infected files on a private access Website for Premier Support and Microsoft Gold Certified Partners in the United States only,” a Microsoft spokesperson said.

One of Microsoft’s servers used to prepare hotfixes was infected with the virus, known as FunLove. A hotfix is a bit of code that can fix a minor bug, or add a tweak to a program. Instead of reprogramming the software, users can download the hotfix themselves and update their programs. The infected hotfixes have been removed and are being replaced, Microsoft said in a statement sent to customers and posted on its Web site.

Several of Microsoft’s hotfixes were infected with FunLove and spread when downloaded by Microsoft’s partners. All the infected hotfixes were released within the past two weeks and were only available for download by Microsoft Premier and Gold Partners, said Microsoft in a statement on its Web site. The virus was allowed to spread due to a human error; the company’s security procedures were overlooked, and this particular server was never scanned for viruses before preparing the hotfixes, Microsoft said.

Only a small number of customers downloaded the infected hotfixes, Microsoft said. The company is working to determine who downloaded the hotfixes, after which it will contact those customers individually and help them deal with the virus, the statement said.

Although contained to the United States, the incident is now attracting attention and causing controversy in other countries.

“If you can’t trust Microsoft, then who can you trust?” said Jonathan Tate, senior product marketing manager at Baltimore Technologies Ltd., and based in Reading, U.K.

“People think that viruses are only spread by e-mail, but when you download something from the Web, you can download anything,” Tate said, adding that viruses like Anna Kournikova, which are spread via e-mail, get a lot of attention. However, users should be aware that anything they download from the Internet could be infected.

“I know this only happened in the United States, but it could happen anywhere,” Tate said.

Microsoft’s Gold and Premier Support partners, which were exposed to the virus, are companies that help customers install and run software such as Web portals. Partners include Compaq Computer Corp., EDS Corp., IBM Corp. and Unisys Corp.

“I would think that they (Microsoft) are obvious targets,” said David Smith, director of strategic marketing at Unisys in the U.K. It is still unclear if Unisys was one of the companies infected with the virus.

“It would be extraordinarily difficult (for Microsoft) to be entirely watertight, and I believe they take significant safeguards to prevent invasion by viruses,” Smith said. “This is unfortunate but I don’t think it will change our relationship with them.”

The virus, FunLove, has been known since 1999. According to the statement on Microsoft’s Web site, the virus degrades the performance of an operating system but it doesn’t destroy it. However, the virus can be spread through shared networks and is difficult to remove once it is in the network. Most antivirus software can detect and remove the virus, Microsoft said.

“As soon as the problem was reported, it was dealt with speedily and has now been resolved. We are not aware of any problems encountered by our customers as a result of this issue, and this is not an issue for our customers in the U.K.,” the spokesperson said.

There are software applications that can prevent files downloaded from the Internet from infecting a network, or individual PCs. These are called content security tools and are developed by companies like Symantec Corp., Tumbleweed Communications Corp. and Surfcontrol PLC. Baltimore also has its own version of the software tool, named Websweeper.

When a user wants to download something from the Internet, the file is first directed to a server that has Websweeper installed, Tate said. The software tool scans anything downloaded from the Internet before it goes onto the user’s PC. If an infected file is downloaded, it stays on the Websweeper server and alerts the user that the file cannot be downloaded since it contains a virus, Tate said.

Information about the FunLove virus can be found at:

Microsoft, in Redmond, Wash., can be reached at Baltimore, based in Dublin, can be reached at Unisys, in Blue Bell, Penn., can be reached at