Microsoft PowerShell, the company's replacement for the Windows command line, has become a target for malware writers, with security software company Symantec claiming to have seen a 95.4 per cent rise in PowerShell malware instances.
PowerShell will become the default alternative to the command line function in Windows when the Creators Edition arrives next year, and has already superseded it in Insider builds.
PowerShell has been available for about ten years and is generally enabled by default.
Symantec ran a sandbox test covering 111 threat families and found that nearly all of the analysed scripts were malicious, which shows how much of a threat to the enterprise the move could potentially be.
Symantec advises sysadmins to make sure that machines are running the latest version of PowerShell and to enable extended logging and monitoring options. They also (not surprisingly) suggest you buy their software to protect yourself.
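Symantec's two recommendations, checking the engine version and turning on extended logging, translate into a short piece of administration work. The following PowerShell is an added example written for this page, not code from the article or from Symantec. It assumes an elevated prompt on a Windows host; the registry paths under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell` are the ones Group Policy writes, the `Microsoft-Windows-PowerShell/Operational` log and event ID 4104 are the standard script block logging channel, and the transcript share path is a placeholder.

```powershell
# Added example (not from the article or from Symantec). Run from an elevated prompt.
# Registry paths are the Group Policy locations for PowerShell logging settings;
# the transcript output share is a placeholder to be replaced with a real path.

# 1. Report the running engine version. Script block logging needs 5.0 or later.
$version = $PSVersionTable.PSVersion
Write-Host "PowerShell engine: $version"
if ($version.Major -lt 5) {
    Write-Warning "Script block logging requires PowerShell 5.0 or later; update Windows Management Framework first."
}

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 2. Script block logging: records the content of every script block as it is
#    compiled (Event ID 4104 in Microsoft-Windows-PowerShell/Operational), so
#    obfuscated or memory-only payloads are logged in their de-obfuscated form.
New-Item -Path "$base\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Type DWord -Value 1

# 3. Module logging: records pipeline execution details for every module ('*').
New-Item -Path "$base\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Type DWord -Value 1
Set-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*'

# 4. Transcription: writes a full text transcript of every session. Point it at a
#    write-only share so a user cannot tidy up after themselves. Placeholder path.
New-Item -Path "$base\Transcription" -Force | Out-Null
Set-ItemProperty -Path "$base\Transcription" -Name EnableTranscripting -Type DWord -Value 1
Set-ItemProperty -Path "$base\Transcription" -Name EnableInvocationHeader -Type DWord -Value 1
Set-ItemProperty -Path "$base\Transcription" -Name OutputDirectory -Value '\\LOGSERVER\PSTranscripts$'  # placeholder

# 5. Verify: after opening a fresh PowerShell session, 4104 events should appear.
#    Properties[2] of a 4104 event holds the logged script block text.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 5 |
    Select-Object TimeCreated, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } }
```

Ship the 4104 events to a central collector rather than reading them on the endpoint: the point of the logging is that an attacker who controls the machine should not also control the record of what ran on it.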
Among the high-profile cases that have involved PowerShell are the Odinaff Group attacks on financial establishments and the Trojan.Kotver infection, which was created to infect the registry without using any files.
PowerShell can also be used to uninstall security products, detect sandboxes and sniff passwords.
Symantec says: "PowerShell is installed by default on most Windows computers, and most organisations do not have extended logging enabled for the framework. These two factors make PowerShell a favoured attack tool."
It adds: "Furthermore, scripts can easily be obfuscated and allow for payloads to be executed directly from memory."
OpenSSH has been added to bolster security, but because PowerShell is so much more powerful than the old command line, there are a lot more opportunities for mischief. It does, however, form the basis for the interoperability between Linux and Windows that has been increasingly visible over the past year or so.
Back in August, a version of Windows 10 that was automatically rolled out to machines actually borked PowerShell altogether, leaving it inaccessible for a week.
And, in the same month, Microsoft warned about a new wave of Word macro viruses that utilise security flaws in PowerShell...