Slashdot Mirror


Sharpei Virus Written In C#

josepha48 points to a CNET article on a new worm written in C# and partly aimed at the .Net framework, excerpting: "On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework."

3 of 242 comments (clear)

  1. Re:Another Outlook worm by gazbo · · Score: 5, Insightful

    Did you read the article? They send an executable file, and ask the recipient to execute it. WTF are Microsoft going to do about that, short of hooking in a virus scanner by default into Outlook that auto-updates behind the user's back every time they connect to the Internet, and refuses to display mails that have a virus?

    Oh, and before you say that they *should* do this, firstly think about people who may have a legitimate reason to want to download a virus[1] and secondly, think of the accusations of monopolistic practices - I can't see Norton, McAffee et al taking that without a fight.

    Back to the subject, what else can Microsoft do about blatant user stupidity in the face of so much publicity about email viruses over the past year?

    [1] I wrote a website that allowed users to upload documents available for public download. Being a community spirited sort of chap I included a server side virus scan, and needed a copy of a virus in order to test it was working. I was sent a copy of I Love You in the end by a friend. See, I really did mean there are legitimate reasons.

  2. Re:Not sure I'd call this a .NET virus by muffen · · Score: 5, Insightful

    This *additonal* behavior that affects .NET enabled computers is the part that could possibly be written in C#, and it looks like it's not responsible for any of the bulk emailing...

    You are correct, this is the only part that is written in .NET compiled down to MSIL. Here's a cut from the Symantec writeup: The replication code of the virus is written in C# and compiled to MSIL...

    The emailing routine is done by dropping a VBS file that enumerates the outlook addressbook sending an email to everyone in there.

    This is said to be the second virus that infects .NET files. The first one was W32.Donut (even though W32.Donut doesn't actually infect the MSIL part of the executable, but the one containing the normal X86 code).

    In my opinion, we still haven't seen the first *true* .NET virus. When there is a virus that infects the MSIL (Microsoft Intermediate Language) code, then I think it qualifies as a .NET virus. All the .NET virus we have seen so far appear to be attempts by viruswriters to get media attention, and as we can see, it worked :-/

  3. MS: Favorite OS of Criminals Everywhere by Alien54 · · Score: 4, Insightful
    Get Microst C# today. Be on the cutting edge of Microsoft Virus spreading technology.

    More successful virus writers use Microsoft compared to any other operating system. You too can be a successful virus writer. Get in on the cutting edge made by a company that knows how to mess with people.

    [/sarcasm]

    etc.

    I just call all of these these Microsoft viruses. Makes life much easier.

    --
    "It is a greater offense to steal men's labor, than their clothes"