[ISN] Virus writer targets new Microsoft scripting tool

InfoSec News isn at c4i.org
Fri Aug 5 01:06:06 EDT 2005


By Joris Evers 
Staff Writer, CNET News.com
August 4, 2005

Virus writers are targeting a new Microsoft tool that will be part of
Windows and is set to ship as part of the next Exchange e-mail server

A virus writer has published the first examples of malicious code that
targets Microsoft's upcoming command-line shell, code-named Monad,
according to Finnish antivirus maker F-Secure. If the technology is
included in Windows Vista, these could be one of the first viruses to
target the new operating system formerly known as Longhorn, F-Secure
said Thursday.

Monad, also known as MSH, is the replacement for the simple command
shell in the current versions of Windows. A shell, also called a
command line interface, allows a user to give a computer textual
commands either from a keyboard or from a script. Monad has much more
functionality, after the shells in competing products such as Bash in
Unix. However, by adding the ability to run more-complex scripts,
Microsoft may also be opening another door to attackers.

Monad will support Windows Server 2003, Windows XP and Windows Vista,
Microsoft representatives said in a Web chat late last year. However,
the software maker has not disclosed how it will deliver the tool.

The examples that made it to the Web would cause little harm but could
be modified, according to Mikko Hypponen, director of antivirus
research at F-Secure.

Hypponen warned that if Microsoft ships Monad with Vista and it is
enabled by default this could lead to an "outbreak of scripting
viruses." Microsoft may choose to ship the tool as an add-on or
disable it by default to reduce the risk, he added.

Microsoft initially planned to include Monad in Vista, formerly known
by its Longhorn code-name. However, company representatives have said
the tool would first ship as a feature of Exchange 12, due in the
second half of 2006. Monad will ship in Windows after that, they said.

Monad is available to testers but is not part of the first Windows
Vista beta, which Microsoft released last week, a company
representative said Thursday. The shell tool also is not included in
the beta of Windows Server 2003 R2, an update to Windows Server due
later this year, the representative said.

"At this time, these reports pose no risk for Microsoft customers,"  
the Microsoft representative said.
Previous Next Microsoft has yet to announce how it will deliver Monad
in the Windows operating system. A source familiar with Microsoft's
plans said it is too early to say whether the new shell will make it
into later beta versions of Windows Vista or the final product.  
Windows Vista is due on store shelves by the end of 2006.

Microsoft could also offer Monad as a downloadable add-on for Windows.

In the December chat, Microsoft representatives specifically addressed
the topic of script attacks. The company is taking measures to prevent
those. For example, Monad will run only scripts that are digitally
signed by a trusted person. Additionally, it won't be possible to
double click on a script and have it run, according to a transcript of
the chat.

The possibility of viruses being aimed at Microsoft's new shell was
discussed at the Virus Bulletin event last year. Eric Chien of
Symantec said at the antivirus industry event that the new tool could
allow the creation of both classic viruses as well as e-mail worms.

Ingrid Marson of ZDNet UK contributed to this story.

More information about the ISN mailing list