There's nothing tender about the new FunLove virus.
The virus, technically called W32.FunLove, brought down the servers of a large company in Europe and has been detected in companies in the United States as well, according to researchers at Symantec Corp.'s AntiVirus Research Center.
The good news is that it shouldn't spread all that fast because it doesn't have the ability to e-mail itself like the Melissa virus, said Charles Renert, director of research at SARC. The bad news is that it uses a new way to attack the file security system of the Windows NT operating system. The virus may also use the network to spread itself.
"It's a little bit of an evolution as far as virus writing is concerned," said Renert.
How it works
The virus appears as an executable file running on all flavors of Windows, from Windows 95 on up. The only way to recognize that a machine has been infected is by finding the fclss.exe file the virus drops into the Windows System directory. In turn, it infects applications with EXE, SCR or OCX extensions.
The real goal of the virus is to attack the Windows NT file security system. In order for the virus to attack, it needs administrative rights on an NT server or workstation. Once an administrator logs on to NT, the virus modifies the NT kernel so that every user has administrative rights to that machine, regardless of the protection.
This means that a "guest" -- someone with the lowest possible rights on the system -- would be able to read and modify all files, including files normally accessible only by the administrator.
Symantec officials said they have added virus definitions to recognize FunLove and should have a tool available shortly to help repair an infected machine at www.symantec.com/avcenter/download.html.
Earlier this week, researchers issued warnings about the so-called BubbleBoy virus -- actually a self-replicating worm -- that can spread itself through Microsoft Corp.'s Outlook and Outlook Express software.