Microsoft Shipments Infected With Nimda

All of the Korean-language versions of Microsoft Corp.s Visual Studio .Net developer tool shipped with a help file that is infected with the Nimda virus, company officials said Friday.

However, the application doesnt use the infected file so the risk of infection for users is virtually nil, Microsoft said.

And, even if a developer were to find and open the file, the version of Internet Explorer that ships with VS .Net is immune to Nimda, making it all the more unlikely that the virus could cause any damage to users.

“The risk is quite low, but were taking the problem very, very seriously,” said Chris Flores, lead product manager for VS .Net at Microsoft, based in Redmond, Wash. “We couldnt find any situations in which the developer could be infected.”

Flores said the problem derives from an infected compiled help file that Microsofts Korean sub-contractor sent the company. The compiled file contained several other files, some of which werent scanned completely for potential problems.

A Microsoft employee found the problem, but not until recently, by which time the company had already shipped the Korean version of VS .Net. Microsoft does not reveal exact sales figures, but Flores said the number of Korean copies it has shipped is less than one percent of the total volume of VS .Net sales.

Microsoft has issued a patch for the problem, which is essentially a clean help file, and has also remanufactured clean copies of VS .Net itself. The company said it has not had any reports of infections resulting from the corrupted file.

Related Stories:

• Microsoft Mends More Security Flaws
• Trail of Destruction: The History of the Virus
• More Security Coverage