FunLove infects Windows-based computers across networks and brings the concept of evading antivirus software to a new level of resiliency, said Symantec Antivirus Research Center director Vincent Weafer.
Once it infects a computer, it resides in memory and reinfects files as fast as antivirus software can clean them, he said. In addition, the virus weakens the security of a system, making it easier to attack, he said.
Symantec's ordinary antivirus software can't eradicate the virus on Windows NT machines, so a special program must be used, Weafer said. On Windows 95 and 98 machines, it's relatively simple to remove, he said. On Windows NT, the virus resists any attempt to shut it down.
The FunLove virus itself is relatively harmless because it doesn't destroy files but rather adds data to files, making them gradually get larger and larger, Weafer said. The virus adds the name of the obscure rock band Fun Loving Criminal into the files, said Russian antivirus company Kaspersky Lab.
Several companies have reported infection by the virus, mostly in Europe but also in the United States and Canada, he said. It was first observed Tuesday.
Meanwhile, the new Bubbleboy virus has made it to Web sites, though there have been few if any reports of actual infections, Weafer said. The author of the virus posted copies at several Web sites on Monday, as well as sending it to antivirus companies. Now the author has posted an updated version, Weafer said.
Bubbleboy, which isn't particularly dangerous itself, spreads by email but, unlike predecessors such as the Melissa virus, can infect a computer when a person only opens an email.