Microsoft PowerShell, the company's replacement for the Windows command line, has become a target for malware writers, with security software company Symantec claiming to have seen a 95.4 per cent rise in PowerShell malware instances.
PowerShell will become the default alternative to the command line function in Windows when the Creators Edition arrives next year, and has already superseded it in Insider builds.
PowerShell is already available and has been for about ten years. It is generally enabled by default.
The fact that, in a sandbox test of 111 threat families, nearly all the analysed scripts were malicious shows how much of a threat to the enterprise the move could be.
Symantec advises sysadmins to make sure that machines are running the latest version of PowerShell and to enable extended logging and monitoring options. They also (not surprisingly) suggest you buy their software to protect yourself.
Among the high-profile cases that have involved PowerShell are the Odinaff Group attacks on financial establishments and the Trojan.Kotver infection, which was created to infect the registry without using any files.
PowerShell can also be used to uninstall security products, detect sandboxes and sniff passwords.
Symantec says: "PowerShell is installed by default on most Windows computers, and most organisations do not have extended logging enabled for the framework. These two factors make PowerShell a favoured attack tool."
It adds: "Furthermore, scripts can easily be obfuscated and allow for payloads to be executed directly from memory."
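Symantec's two recommendations above, running a current PowerShell and enabling extended logging, translate into a short administrative script. The following is an added example, not part of the article or of Symantec's report; it assumes an elevated prompt on Windows with PowerShell 5.0 or later (script block logging needs 5.0+), and the transcript directory path and the triage regex are assumptions to be adapted locally.

```powershell
# Added example (not from the article or Symantec). Assumes an elevated
# prompt, PowerShell 5.0+, and that the transcript path below is adapted.

# 1. Confirm the version in use: script block logging needs 5.0 or later.
$version = $PSVersionTable.PSVersion
if ($version.Major -lt 5) {
    Write-Warning "PowerShell $version is too old for script block logging; update first."
}

# 2. These registry values are the ones Group Policy writes for
#    'Windows Components > Windows PowerShell'; setting them directly has the same effect.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script block logging records the de-obfuscated content of every script block
# as event ID 4104 in Microsoft-Windows-PowerShell/Operational, which is what
# defeats the obfuscation and in-memory execution the report describes.
New-Item -Path "$base\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord

# Module logging for all modules ('*') records pipeline execution details (event ID 4103).
New-Item -Path "$base\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
New-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# Transcription writes a text transcript of every session; the directory
# (assumed path) should have a restrictive ACL and be forwarded to central storage.
New-Item -Path "$base\Transcription" -Force | Out-Null
Set-ItemProperty -Path "$base\Transcription" -Name EnableTranscripting -Value 1 -Type DWord
Set-ItemProperty -Path "$base\Transcription" -Name OutputDirectory -Value 'C:\PSTranscripts' -Type String

# 3. First triage once events accumulate: script blocks that decode base64 or
#    evaluate downloaded text. The pattern list is an assumption; tune it locally.
$suspicious = 'FromBase64String|EncodedCommand|DownloadString|Invoke-Expression|\bIEX\b'
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
    -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $suspicious } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Snippet'; Expression = { $_.Message.Substring(0, [Math]::Min(120, $_.Message.Length)) } }
```

The 4104 events only exist after logging is enabled, so the triage query returns nothing on a freshly configured machine; forwarding the Operational log to a collector is what makes the setting useful at scale.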
OpenSSH has been added to bolster security, but because PowerShell is so much more powerful than the old command line, there are a lot more opportunities for mischief. It does, however, form the basis for the interoperability between Linux and Windows that has been increasingly visible over the past year or so.
Back in August, a version of Windows 10 that was automatically rolled out to machines actually borked PowerShell altogether, leaving it inaccessible for a week.
And, in the same month, Microsoft warned about a new wave of Word macro viruses that exploit security flaws in PowerShell...