Microsoft releases tool to remove, but not deter, computer virus

Wednesday, July 14th 2004, 12:39 pm

By: News On 6

SEATTLE (AP) _ Microsoft Corp. has released a tool for finding and removing a new computer virus _ but still did not offer a patch that would keep the download from spreading to computers in the first place.

Stephen Toulouse, a security program manager with Microsoft, said Tuesday the company was still working on a fix that would prevent the virus, called ``download.ject'', from spreading. In the meantime, the company is providing a way to clean computers that have already been attacked.

He could not say when the patch might be completed.

Microsoft previously released a security update that changed settings in its Windows operating system to thwart a hacker's ability to deliver the malicious code. But that update did not entirely fix the flaw that makes the spread possible.

On Tuesday, Microsoft also released more tools that change Windows settings to prevent the attack from getting to desktops. Toulouse said the company was responding to security experts who warned that the virus might mutate or seek other routes of attack.

The fixes follow a virus discovered in late June that is designed to steal passwords and other valuable information. The flaw exploits a vulnerability in Microsoft's Internet Explorer browser, allowing a computer virus to spread through a new technique that converts popular Web sites into virus transmitters.

Until the interim software updates were released, some security experts were recommending that users switch from Microsoft's vastly dominant IE browser to rivals such as Mozilla or Opera.

Toulouse said the attack did not appear to be widespread, since the company had not seen a big spike in customer calls about it.

Microsoft also released two other patches Tuesday that were deemed ``critical,'' Microsoft's highest level of security warning. The patches fix vulnerabilities in Windows that could allow an attacker to take any action on a user's desktop, simply by convincing the user to click on a Web link.