News
News
8/1/2006
04:19 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

New Virus Reportedly Puts Windows PowerShell At Risk

McAfee's Avert Labs is warning users of Windows XP, Server 2003, Vista, and Longhorn about the shell script virus, which uses the same infection methods as other shells.

McAfee's Avert Labs has been tracking a new Windows proof-of-concept virus that could affect users of Windows XP, Server 2003, Vista and Longhorn.

The virus, MSH/Cibyz, targets Windows PowerShell. It was released last week by the RRLF virus group. PowerShell is a command-line shell and task-based scripting technology that provides control and administration of system administration tasks. It is supposed to eventually replace the Windows default command interpreter shell, but is not yet installed by default.

MSH/Cibyz is a shell script virus using the same infection methods as other shells. According to Avert Labs researchers, "It cannot achieve memory residency nor possess rootkit capabilities, however malicious code written in Windows PowerShell can be modified to drop a Win32 executable on an infected system to achieve the above mentioned features."

The researchers add that because Windows PowerShell allows users "to do anything one can do from the graphical user interface via a command line shell, it makes it an attractive platform for malware authors to write next-generation viruses."

This is the third proof-of-concept virus targeting Vista that members of the RRLF group have released in the past year, after MSH/Danom and W32/Usined (alias MSIL/Idonus).

"The ones before this were not nearly as sophisticated as this one," says Allysa Myers, a McAfee virus research engineer. "This shows the continuing interest among the virus-writing community in this scripting language."

Myers says solution providers should counsel their customers that threats can come from a much wider array of sources than just .exe files.

"Users seem to think that only certain types of files can hurt you, but they need to look at the greater whole; you need to be aware of what files you're receiving and only open ones that you're expecting," Myers says. "The lines of safety are getting blurrier and blurrier, so having multiple layers of defense is very important."

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.