Slashdot Mirror


Sharpei Virus Written In C#

josepha48 points to a CNET article on a new worm written in C# and partly aimed at the .Net framework, excerpting: "On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework."

3 of 242 comments (clear)

  1. Not sure I'd call this a .NET virus by wadetemp · · Score: 5, Interesting


    If the attachment is opened, then the worm uses the Outlook address book to send messages--with a copy of the virus attached--to every address in the book. It then deletes the e-mails from the sent folder and removes the copy of itself.


    .NET exe files won't run unless the framework is present. They are "dead" exes that do nothing when double clicked. So the question is... is the bulk mailer part native code or .NET code? Read on...


    On PCs loaded with Windows XP and other .Net-enabled computers, however, Sharpei would additionally infect files in four other folders. If those files were opened, the virus would run again.

    This *additonal* behavior that affects .NET enabled computers is the part that could possibly be written in C#, and it looks like it's not responsible for any of the bulk emailing... it just runs the native executable portion again, which does the bulk mailing. And by the way, XP is not .NET enabled. I think this is either a hoax or a very misunderstood virus.

  2. Proof of concept? by Alizarin+Erythrosin · · Score: 5, Interesting

    Seems to me this is more like a proof of concept virus, like that one that was written in Flash a while back, demonstrating the kinds of things that COULD happen should Outlook's holes and bugs not be patched up.

    The message body is actually a very misleading one though... I mean, who wouldn't wanna speed up Windows by 50% and make it more secure? We can't get that kind of update, even out of Microsoft!

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't
  3. Re:SSSCA Impact on Viruses by edhall · · Score: 4, Interesting
    virii would definitely fall under the category of 'interactive digital devices'

    That makes no sense whatsoever. An "interactive digital device" is a piece of hardware, as defined by the SSSCA. Unless you know something about computer viruses that I don't, they hardly qualify as such.

    Even as software, they are highly unlikely to contain the likely-to-be mandated digital signature. And that's the scary part: Microsoft is promoting digital rights management as an anti-virus solution (among other things). Part of the .NET infrastructure is providing the ability of each software component to be signed. Thus the SSSCA dovetails quite nicely with Microsoft's need for better security. And it gives them the opportunity to get even more leverage over non-Microsoft software (not just virunses). Who do you think will control the certification process necessary to get a signature?

    -Ed