R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com

Free email newsletters




ADVERTISEMENT

Virus writers target Windows Powershell scripting language

Yet another point of caution, researchers warn

Tom Sanders in California, vnunet.com 01 Aug 2006
ADVERTISEMENT

An Austrian group of virus writers has published new proof-of-concept malware code that targets Microsoft's forthcoming Windows Powershell technology.

The MSH/Cibyz worm does not exploit any vulnerability in the scripting tool. Instead it's similar to batch-type viruses written in Javascript or Visual Basic (VB) that instruct a system to install malware after a user executes the script.

"The moral of the story is that there is no particular file type that is inherently safe. There is the possibility of using vulnerabilities in any software application," Allysa Myers, a virus research engineer with McAfee told vnunet.com.

Powershell malware poses an increased risk over other batch-based threats because enterprises currently do not block Powershell scripts on their network. Malware authors could also be attracted to the tool because it offers a new challenge.

Windows Powershell is a command-line shell tool that lets IT administrators manage a system. It is similar to the command shell in Unix, Linux and OS X. The tool is slated for release in the fourth quarter of this year.

PowerShell was originally scheduled to ship as part of Windows Vista but will now be used for the forthcoming releases of Exchange and Microsoft Operations Manager.

The tool gained instant notoriety last summer after security vendor F-Secure sighted the first proof-of-concept virus and referred to it as Damon. The company mistakenly labelled it as the world's first virus for Windows Vista.

The Damon virus was developed by the same group of malware authors as this year's Cibyz virus. However, the new version is more advanced, said Myers.

"They are taking it further. This one actually works on the older operating systems and not just Windows Vista beta."

The worm also changes every time it infects a file. While that makes it more difficult for primitive scanners to detect the malware, most modern anti-virus tools won't be fooled by this capability.

A Microsoft spokesperson told vnunet.com that it is aware of the worm and stressed strethat the virus doesn't exploit any vulnerabilities in its software.

"Microsoft recommends consumers do not accept files from un-trusted sources and should use up-to-date third-party anti-virus products," he added.


All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
SQL Database Administrator
Aylesbury, Buckinghamshire, United Kingdom | Grass Roots
SQL Database Administrator - Aylesbury - £DOE Grass Roots are one of the Sunday Times Top 100 companies to work for (2007 and 2008). Established in 1980, we're part of the Grass Roots Group, which is ... more >
Security Consultant
Hook, Hampshire, United Kingdom | EDS
Description: This vacancy is for an information security consultant to join EDS' Information Assurance team based in Hook. The successful applicant will provide information security support to one or more of EDS' major Defence projects. ... more >
Business Analyst
Aylesbury, Buckinghamshire, United Kingdom | Grass Roots
Business Analyst - £35,000 - £50,000 + benefits - Aylesbury    Grass Roots are one of the Sunday Times Top 100 companies to work for (2007 and 2008). Established in 1980, we're part of the ... more >
Senior Technical Analyst
London, United Kingdom | MHRA
Senior Technical Analyst - £26,781 - £28,562 - London The Medicines and Healthcare products Regulatory Agency (MHRA) is the government agency which is responsible for ensuring that medicines and medical devices work, and are acceptably ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503