Slashdot Mirror


Sharpei Virus Written In C#

josepha48 points to a CNET article on a new worm written in C# and partly aimed at the .Net framework, excerpting: "On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework."

6 of 242 comments

  1. As usual. by Anonymous Coward · · Score: 0, Interesting

    As usual poor code/data separation..

    They will never learn until their platform is smashed into little bits by some hacker..

  2. Not sure I'd call this a .NET virus by wadetemp · · Score: 5, Interesting


    If the attachment is opened, then the worm uses the Outlook address book to send messages--with a copy of the virus attached--to every address in the book. It then deletes the e-mails from the sent folder and removes the copy of itself.


    .NET exe files won't run unless the framework is present. They are "dead" exes that do nothing when double clicked. So the question is... is the bulk mailer part native code or .NET code? Read on...


    On PCs loaded with Windows XP and other .Net-enabled computers, however, Sharpei would additionally infect files in four other folders. If those files were opened, the virus would run again.

    This *additional* behavior that affects .NET enabled computers is the part that could possibly be written in C#, and it looks like it's not responsible for any of the bulk emailing... it just runs the native executable portion again, which does the bulk mailing. And by the way, XP is not .NET enabled. I think this is either a hoax or a very misunderstood virus.

  3. What about Java virii? by petree · · Score: 2, Interesting

    If you actually step outside of the 'yet another microsoft virus' mindset you might be frightened more by the concept, although simple. Why hasn't someone (or has someone) created a virus that attacks the JRE? You could pretty well attack a large number of people by either A) attacking/modifying the JRE or B) Piggybacking java bytecode into other applications. Wouldn't one of these be just as damaging and at the current time even more widespread in their effect? Just a couple of thoughts.

    1. Re:What about Java virii? by JKR · · Score: 2, Interesting
      The problem is that the JRE has a security manager which, unless the user mucks it up, won't allow virii to access the local machine or resources (i.e. address book).


      What? Java provides a default SecurityManager object which allows pretty much anything. And anyway, if you can subvert the class loader (e.g. by providing your own) you can do anything you like. The only time you'll see a SecurityManager which does anything is inside a web browser.

      Besides, the system policy file installed by default is pretty lax. I quote from the Java SDK docs:

      The java.policy file installed with the SDK grants all permissions to standard extensions, allows anyone to listen on un-privileged ports, and...


      Jon.

  4. Proof of concept? by Alizarin+Erythrosin · · Score: 5, Interesting

    Seems to me this is more like a proof of concept virus, like that one that was written in Flash a while back, demonstrating the kinds of things that COULD happen should Outlook's holes and bugs not be patched up.

    The message body is actually a very misleading one though... I mean, who wouldn't wanna speed up Windows by 50% and make it more secure? We can't get that kind of update, even out of Microsoft!

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't
  5. Re:SSSCA Impact on Viruses by edhall · · Score: 4, Interesting
    virii would definitely fall under the category of 'interactive digital devices'

    That makes no sense whatsoever. An "interactive digital device" is a piece of hardware, as defined by the SSSCA. Unless you know something about computer viruses that I don't, they hardly qualify as such.

    Even as software, they are highly unlikely to contain the likely-to-be-mandated digital signature. And that's the scary part: Microsoft is promoting digital rights management as an anti-virus solution (among other things). Part of the .NET infrastructure is providing the ability of each software component to be signed. Thus the SSSCA dovetails quite nicely with Microsoft's need for better security. And it gives them the opportunity to get even more leverage over non-Microsoft software (not just viruses). Who do you think will control the certification process necessary to get a signature?

    -Ed