Slashdot Mirror
Sharpei Virus Written In C#
josepha48 points to a CNET article on a new worm written in C# and partly aimed at the .Net framework, excerpting: "On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework."
A virus that tries to infect the .NET framework. Wow... Like we didn't see it coming, what with the hatred of Microsoft and all. Whoever wrote it could've thought of a better name though.
They take all of the power of Java and then throw in all of the security vulnerabilities of C/C++. It's only inevitable that C# is going to cuase all sorts of headaches for people like me (Security professionals).
Wherever you go, there I am...
And guess what? It's implemented in C#. And when run, it will screw up other folders on the system. Imagine, if you will, a computer language, somewhere, that somehow, could not be used to write this virus. I'm drawing a blank, but I'm sure there will be lots of +5 funny responses.
Since my current sig just confuses everyone anyway, maybe I should change it to "$5 for a thousand pages of this!?" and save everyone the typing.
Did you read the article? They send an executable file, and ask the recipient to execute it. WTF are Microsoft going to do about that, short of hooking in a virus scanner by default into Outlook that auto-updates behind the user's back every time they connect to the Internet, and refuses to display mails that have a virus?
Oh, and before you say that they *should* do this, firstly think about people who may have a legitimate reason to want to download a virus[1] and secondly, think of the accusations of monopolistic practices - I can't see Norton, McAffee et al taking that without a fight.
Back to the subject, what else can Microsoft do about blatant user stupidity in the face of so much publicity about email viruses over the past year?
[1] I wrote a website that allowed users to upload documents available for public download. Being a community spirited sort of chap I included a server side virus scan, and needed a copy of a virus in order to test it was working. I was sent a copy of I Love You in the end by a friend. See, I really did mean there are legitimate reasons.
what else can Microsoft do about blatant user stupidity
1. sandbox any executable
2. introduce an executable bit into the file system so that downloades CANT auto execute
that's 2 things off the top of my head.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
You have quotes and references to the same security analysts making both of these claims?
it seems this is not a true .net virus but it does bring up some interesting possibilities regarding the gnome project. ximian has professed to wanting gnome 4 to use the .net framework. so either they'll code it in such a way to avoid all the security issues in microsoft's .net, or they'll have the same security issues.
.net implementation avoids security issues it's a pr disaster for microsoft. ditto if it has the same bugs as it will show a design flaw in .net.
in some ways either "wins." if the main linux
otoh it will "lose" - anti-virus companies will be against linux for taking away their product stream. and if the same security flaws show up then it removes a major distinguishing item from a linux desktop.
US Citizen living abroad? Register to vote!
This *additonal* behavior that affects .NET enabled computers is the part that could possibly be written in C#, and it looks like it's not responsible for any of the bulk emailing...
.NET compiled down to MSIL. Here's a cut from the Symantec writeup: The replication code of the virus is written in C# and compiled to MSIL...
.NET files. The first one was W32.Donut (even though W32.Donut doesn't actually infect the MSIL part of the executable, but the one containing the normal X86 code).
.NET virus. When there is a virus that infects the MSIL (Microsoft Intermediate Language) code, then I think it qualifies as a .NET virus. All the .NET virus we have seen so far appear to be attempts by viruswriters to get media attention, and as we can see, it worked :-/
You are correct, this is the only part that is written in
The emailing routine is done by dropping a VBS file that enumerates the outlook addressbook sending an email to everyone in there.
This is said to be the second virus that infects
In my opinion, we still haven't seen the first *true*
Let's see.
Code Red
Code Blue
Nimda
ILOVEYOU
Papa
BadTrans
Anna
And this list continues.
Sharpei exploits a "hole" in Outlook that was patched over two years ago. If you don't patch, you're still vulnerable, so what do you do short of driving across the country and cramming patches down people's throats? Do you think everyone in the world has already patched their PHP problems? Can you answer that question?
demonstrating the kinds of things that COULD happen should Outlook's holes and bugs not be patched up.
What holes? Stupid users or allowing those stupid users to open attachments? Should Microsoft release some kind of version of Windows that doesn't allow stupid users to execute whatever they want?
I don't think so, people should just stop executing unknown e-mail attachments.
At that point in time, they will con(vince) the government that virus-writers are terrorists, that terrorists are per default trying to kill people and destroy the economy and that as a result of that, that the government should invoke the death penalty for all virus writers.
Of course the upside of that, is that it only takes very little effort to prove, that Windows is a virus, and that every OS writer at Microsoft should be put against the wall and shot.
We do not live in the 21st century. We live in the 20 second century.
More successful virus writers use Microsoft compared to any other operating system. You too can be a successful virus writer. Get in on the cutting edge made by a company that knows how to mess with people.
[/sarcasm]
etc.
I just call all of these these Microsoft viruses. Makes life much easier.
"It is a greater offense to steal men's labor, than their clothes"
There is a difference between using something, and messing with something.
.Net framework files are digitally signed. If this virus were to try to infect the .Net framework it would not like that at all.
:-)
/. Linux/anti-MS crowd needs to become a little bit more technically inclined. They're so damn gullible to articles like this.
The
Unless of course Verisign handed out the keys again.
Anyway, the