Microsoft stopped all access to its hotfixes this week when someone discovered that many of the hotfixes contained the FunLove virus, which first appeared in November 1999. The virus infects Windows-based portable executable (PE) documents, ActiveX controls (.ocx files), and screen saver files. When FunLove runs on a Windows NT system, the virus grants Administrator rights to any user who logs on.
According to Microsoft, the virus affected only hotfixes that Microsoft Premier Customers and Microsoft Gold Partners downloaded, because no other customers had access to the infected files. Microsoft serves hotfixes from a hosting partner's site, and typically checks all files for virus content by using multiple antivirus scanners on the system used to prepare the hotfix software. However, somewhere along the line, the process broke down, and the hotfixes remained infected for approximately 2 weeks—from April 6 to April 20, 2001.
FunLove affected Hewlett-Packard (HP) late last year when the company inadvertently sent out printer drivers infected with the virus. FunLove also disrupted business at Dell Computers for at least 2 days when the virus first appeared in November 1999. Microsoft expects this latest spread of FunLove to have far less impact because of detection technology available since FunLove's discovery.