News

Wednesday, 2 August 2006

Virus Writers In the News For Wrong Reasons

 

 

Hackers and malware authors have always targeted Microsoft’s products. With each new scripting platform from Microsoft, virus authors have taken advantage of the new scripting language's features to create milestones in virus outbreak history. An Austrian group of virus writers has published new proof-of-concept malware code that targets Microsoft's forthcoming Windows PowerShell technology. The MSH/Cibyz worm does not exploit any vulnerability in the scripting tool. Instead, it is similar to batch-type viruses written in JavaScript or Visual Basic (VB) that instruct a system to install malware after a user executes the script. MSH/Cibyz is a plain, garden-variety shell script virus: it uses the same infection methods that one could use with any shell, not Windows PowerShell in particular.

"The moral of the story is that there is no particular file type that is inherently safe. There is the possibility of using vulnerabilities in any software application," said Allysa Myers, a virus-research engineer with McAfee.

PowerShell malware poses an increased risk over other batch-based threats because enterprises currently do not block PowerShell scripts on their network. Malware authors also could be attracted to the tool because it offers a new challenge.

Windows PowerShell is a command-line shell tool that lets IT administrators manage a system. It was originally scheduled to ship as part of Windows Vista but will now be used for the forthcoming releases of Exchange and Microsoft Operations Manager. The tool gained instant notoriety last summer after security vendor F-Secure sighted the first proof-of-concept virus and referred to it as Damon. The company mistakenly labeled it as the world's first virus for Windows Vista.

The same group of malware authors [as this year’s Cibyz virus] developed the Damon virus. The new version, however, is more advanced, said Myers. "They are taking it further. This one actually works on the older operating systems and not just Windows Vista beta."

 
 
Copyright @ 2008 SDA Asia Magazine - All Right Reserved Privacy Policy | Terms of Use