All the latest UK technology news, reviews and analysis
|
|
|
01 Aug 2006
An Austrian group of virus writers has published new proof-of-concept malware code that targets Microsoft's forthcoming Windows Powershell technology.
The MSH/Cibyz worm does not exploit any vulnerability in the scripting tool. Instead it's similar to batch-type viruses written in Javascript or Visual Basic (VB) that instruct a system to install malware after a user executes the script.
"The moral of the story is that there is no particular file type that is inherently safe. There is the possibility of using vulnerabilities in any software application," Allysa Myers, a virus research engineer with McAfee told vnunet.com.
Powershell malware poses an increased risk over other batch-based threats because enterprises currently do not block Powershell scripts on their network. Malware authors could also be attracted to the tool because it offers a new challenge.
Windows Powershell is a command-line shell tool that lets IT administrators manage a system. It is similar to the command shell in Unix, Linux and OS X. The tool is slated for release in the fourth quarter of this year.
PowerShell was originally scheduled to ship as part of Windows Vista but will now be used for the forthcoming releases of Exchange and Microsoft Operations Manager.
The tool gained instant notoriety last summer after security vendor F-Secure sighted the first proof-of-concept virus and referred to it as Damon. The company mistakenly labelled it as the world's first virus for Windows Vista.
The Damon virus was developed by the same group of malware authors as this year's Cibyz virus. However, the new version is more advanced, said Myers.
"They are taking it further. This one actually works on the older operating systems and not just Windows Vista beta."
The worm also changes every time it infects a file. While that makes it more difficult for primitive scanners to detect the malware, most modern anti-virus tools won't be fooled by this capability.
A Microsoft spokesperson told vnunet.com that it is aware of the worm and stressed strethat the virus doesn't exploit any vulnerabilities in its software.
"Microsoft recommends consumers do not accept files from un-trusted sources and should use up-to-date third-party anti-virus products," he added.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
A leading global provider of critical information to...
Playstations and table football in the kitchen? Standard...
Systems Engineer - 2nd/3rd Line Support - Microsoft OS...
A leading global provider of critical information to...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
MS is right for once
That virus researcher from McAffee must of been misqouted or something because that virus doesn't exploit anything except human stupidity.
Posted by: notaretard 17 Aug 2006
What is the delivery mechanism?
If it doesn't have a viable delivery mechanism then it wouldn't qualify as a virus. The ability to write code that "does nasty things" (fdisk anyone?) is trivial in the extreme. Not mentioning the delivery mechanism is just appaling journalism(!!!!)
Posted by: qlclarke 02 Aug 2006