Industry

Virus writers target Windows Powershell

By Derek Sooman August 2, 2006, 6:36 9 comments

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

One of the things that annoys me most about trying to use Windows for anything serious (i.e. not just playing games, movies, mp3s, surfing the Net, etc) is its lack of a good command line and scripting language; batch is awful. Recently I had to write a script in batch (in anger) and was amazed at just how completely rotten it was. Things I could accomplish in Perl in one line were taking five lines of code plus, and sometimes things seemed not to work for no good reason at all that I could discern.

Microsoft seem to have recognised the need for a decent command line and scripting language in Windows, and as such have begun working on the Microsoft Command Shell (MSH), aka Monad, now known as PowerShell. PowerShell is a lot more like the sort of command line and scripting technology you would expect from UNIX shells like BASH - its smart, versatile and does some right groovy tricks (like allowing you to explore the registry as if its a file system, etc.) PowerShell will likely be making its debut proper in Vista, but you can download beta versions right now and install them on XP if you want (which I did.) It might wind up being released as a separate product to Vista. All in all, it's a very good step in the right direction for Microsoft.

However, with the herald of this new technology comes a new threat - an Austrian group of virus writers has published new proof-of-concept malware code that uses Powershell. Dubbed the MSH/Cibyz worm, the malware attempts to spread via the Kazaa P2P file sharing application, and users who are silly enough to open such files will be infected. As a proof-of-concept worm, the code does little more than drop a copy of itself in shared folders used by Kazaa, but nevertheless it highlights the potential for havoc which PowerShell represents.

A Microsoft spokesperson told vnunet.com that it is aware of the worm and stressed that the virus doesn't exploit any vulnerabilities in its software.

"Microsoft recommends consumers do not accept files from un-trusted sources and should use up-to-date third-party anti-virus products," he added.

9 comments 0 likes and shares

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot