New virus spreads hard feelings

A real-life virus may be infecting relations between companies that fight computer bugs. Last week, Spanish antivirus company Panda Software announced that five of its customers had been attacked by a new virus, known as HTML/LittleDavina, which deleted data on hard drives after dialing out to a site on the Web.

The revelation surprised and angered other virus researchers because Panda didn't share samples of the virus with them in an informal group known as the Rapid Exchange of Virus Source, or REVS, list.

The reason: the Panda member on that list had a virus - a real-life one, said Donna Rogers, chief marketing officer for Panda Software in the United States.

"Inaki Urzay is head technical director, and he has the relationship with the others" on the list, said Rogers. "He was out sick that day and wasn't around to forward the virus to the network."

Panda went public with HTML/LittleDavina last Friday, after four of its customers were hit with the virus. A fifth had been infected by the end of the day. The virus infects users of Microsoft's Windows 2000 who open an e-mail containing the virus.

The bug redirects the user to a Spanish Web site, from which a Visual Basic Script file is downloaded. The file searches for all hard drives connected to the computer, overwrites files with HTML code and displays a love message in Spanish. The virus currently does not pose any threat because the Web site to which it reroutes victims has been taken down.

"We haven't purposely withheld anything," said Rogers. "The virus was very scary, and we felt we had to get information out immediately."

Yet others in the industry are not pleased with Panda. "If that's their excuse, then they need to figure out something else," said Vincent Gullotto, director of Network Associates' antivirus emergency research team. "I'd have to have 20 researchers out to not send out virus samples."

Three years ago, McAfee Associates - now the core of Network Associates' antivirus team - found itself the center of a similar controversy when it warned the public of the Remote Explorer virus but didn't pass along samples to the industry.

Gullotto said business managers who were more interested in good public relations than in playing well within the industry had been responsible and that such an incident would never happen today.

Symantec, which makes Norton AntiVirus software, also criticized Panda. In comments to U.K.-based news service VNUNet, Symantec's chief researcher, Eric Chien, said, "It's a little bit annoying when companies don't share information about viruses, as it makes it difficult for us to protect people and provide them with information, especially if it's a real-world threat."

Antivirus-industry watcher Rob Rosenberger said Panda may be kicked off the REVS list as punishment for withholding information. "Panda will possibly be temporarily suspended from industry distribution networks," said Rosenberger, who runs the Virus Myths Web site. "But, if they are, it's not going to mean that much, since most virus samples - for the important viruses -are readily available."

NAI's Gullotto believes that a stronger action may be needed. "REVS was designed to stop things like this from happening," he said. "If they are a member of REVS, then it has failed miserably. If so, I will instruct my researchers to dismantle the list." He expects the issue to be brought up later this week at the Anti-virus Developers Consortium meeting.