Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sharpei Virus Written In C#

Posted by timothy on from the state-of-the-art-security-focus dept.

josepha48 points to a CNET article on a new worm written in C# and partly aimed at the .Net framework, excerpting: "On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework."

5 of 242 comments (clear)

  1. Re:It's NOT a .NET virus! by Masa · · Score: 5, Informative
    The virus is _NOT_ a .net program, it's NOT running on the .net platform and it's NOT messing around with files from managed code.

    Here is a description by F-Secure and it claims that one part of the virus is actually using .NET:

    http://www.fsecure.com/v-descs/blunt.shtml

  2. Read the technical details at Symantic by Carnage4Life · · Score: 5, Informative

    I just looked at the Symantec write up for W32.HLLP.Sharpei@mm and from what I read its primarily just another social engineering email-with-executable-attachment worm ("Please run this MSFT update") which happens to use C# in some of the code it runs after it has 0wn3d your machine.

    The fact that the worm tries to run a C# executable after it has already compromised the machine is not much of a technical feat since it could run anything including a Perl script, Java program, Lisp code, etc as long as the runtimes were available on the target machine.

    Disclaimer: The opinions expressed in this post are mine and mine alone and do not reflect the opinions, wishes, strategies or intentions of my employer.

  3. Re:What about Java virii? by InfoSec · · Score: 5, Informative

    The problem is that the JRE has a security manager which, unless the user mucks it up, won't allow virii to access the local machine or resources (i.e. address book).

    --

    Wherever you go, there I am...
  4. Re:What about Java virii? by jaavaaguru · · Score: 5, Informative

    The JRE lives in a directory where normal users don't have write permission to. This is definitely the case in UNIX/Linux and our Win NT based machines at home are also set up this way. If someone installs something into a directory that is world writable, then they should be prepared for these kind of things to happen. If an OS insists on putting important things in silly places, then maybe software manufacturers for that OS should make their users aware of this and possible change the permissions on directories after their software has installed? If Windows XP treats users as dumbasses, why should these same users be expected to know anything about securing their system?

    --
    Follow me
  5. Worm with a virus payload by prockcore · · Score: 5, Informative

    This is actually a win32 worm, with a .net virus payload.

    " On PCs loaded with Windows XP and other .Net-enabled computers, however, Sharpei would additionally infect files in four other folders. If those files were opened, the virus would run again."

    The .net half is a true virus, and spreads among .net executables.