Slashdot Mirror


Windows Vista Tool Targeted By Virus Writers

An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."

15 of 293 comments

  1. Short on Details by Anonymous Coward · · Score: 3, Interesting
    There are always virus writers who want to be the first to write a virus for a new platform.
    I don't see what a big deal being the first person to write a virus for Vista is. Oh, first post!

    But seriously, this article is very light on the details. I assume that these virus writers found a way to gain administrative rights using Monad, but the article makes it sound like these are just malicious scripts. It might as well be an advanced batch script that can spread itself then del /s /q.
    1. Re:Short on Details by Coryoth · · Score: 5, Interesting

      You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.

      Yes but you must remember that F-Secure are a bunch of alarmist gits who will jump at any opportunity to seed panic with regard to threats of viruses, hackers, "cyberterrorists" (if such a thing even exists), and whatever else they can dream up. Read through a decent sampling of their past press releases and you'll get the idea.

      Certainly there are potential issues, but I don't think there's really anything to panic about yet.

      Jedidiah.

    2. Re:Short on Details by IdleTime · · Score: 2, Interesting

      Wow! MS apologists are out in force today!

      I honestly chuckled when I read the article. Not that I hate MS in any way, in fact I dual boot and tend to use Windows more than Linux due to work. But honestly, did ANYONE really believe that the next product out of MS would be ANY safer than previous products? I know that is what MS themselves claim they are focusing on, security that is, but with their track record, I'd be surprised if we see less than 250 viruses over the first year or so after they release Vista.

      Anyhow, Vista is a product that will never get close to my PC anyway. XP will be the last MS product to find its way to my hard drives. The more I read about Vista, the more convinced I become in regards to how this product is designed to lock you down and let everyone else but you control how YOUR PC works at all times.

      --
      If you mod me down, I *will* introduce you to my sister!
  2. Comments from a Monad developer by Leeji · · Score: 5, Interesting

    The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad. The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.

    That's not to belittle the dangers of script viruses, though.

    I wrote a blog entry about it here, in relation to Monad.

    --
    It all goes downhill from first post ...
    1. Re:Comments from a Monad developer by shmlco · · Score: 4, Interesting
      I don't see why they can't lock it down firewall-style. When XYZ application runs and tries to hit a reserved directory or section of the registry, pop up a window saying so and ask if you want to allow it.

      You might not even need the popup. My firewall on a couple of machines has a database it can go out to search and see if this application is "known" and should have access.

      It might be less secure than a total limited-account-lockdown, but it would be better than nothing. In fact, I think the latest version of ZoneAlarm already has this sort of "inner firewall".

      --
      Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
  3. Nothing serious I must say by Anonymous Coward · · Score: 4, Interesting

    Something which requires you to execute a script on the computer is not a virus. Think if you execute a bash script in Linux and it goes on and puts itself in all your bash scripts, would you call it a virus?

    This is actually nothing, it simply prepends/appends or puts itself in the middle of existing MSH scripts. It is equivalent to, if you run a binary on your machine, it can attach itself to all the binaries on your machine.

    On top of that, MSH by default only lets digitally signed scripts execute hence once infected scripts on execute. This is not really a threat at all.

  4. From the Article: by Anonymous Coward · · Score: 1, Interesting
    "Five proof-of-concept viruses that target Monad, the next version of Microsoft's command prompt, were included in a recently published virus writing magazine, according to Mikko Hyppönen, the director of antivirus research at F-Secure."


    I'm certain this comment will pit Slashdoter against Slashdoter, but with all the so-called "free speech" that is actively being censored one subject at a time today, why is it that these people aren't under the sociopolitical microscope for publishing this kind of information?

    Furthermore and looking at the situation from a different angle, not long ago I heard (or read, I can't remember which) someone in the government refer to the writing of malicious code and hacking of computer systems (especially crucial and/or sensitive ones) was to be considered an "act of terrorism." Now tell me, if I or anyone else can be arrested for training people how to commit "acts of terrorism" in the real world, why hasn't this applied to the digital world as yet?

  5. Re:Oopsie! by jmking1 · · Score: 4, Interesting
    That's exactly the reasoning people used in support of Firefox before 1.0 was released. I don't see why it can't be used for any beta software.

    Oh, and just for completeness, vulnerabilities have been found in Firefox since 1.0, so the argument that only Microsoft releases "beta" (read: vulnerable/insecure) code as production-level software doesn't work either.

  6. Leibnitz is rolling in his grave by calculadoru · · Score: 3, Interesting

    Quoth the wise man in his treatise Monadology (1714):
    "There is also no way of explaining how a monad can be altered or changed in its inner being by any other created thing, since there is no possibility of transposition within it, nor can we conceive of any internal movement which can be produced, directed, increased or diminished within it, such as can take place in the case of compounds where a change can occur among the parts. The monads have no windows through which anything may come in or go out. The Attributes cannot detach themselves or go forth from the substances, as could sensible species of the Schoolmen. In the same way neither substance nor attribute can enter from without into a monad."

    And they've managed to attack them??? Oh, the humanity...

    --
    The power of accurate observation is commonly called cynicism by those who have not got it. -- G.B. Shaw
  7. Re:What's the motivation by dedazo · · Score: 4, Interesting
    Maybe it's because they pound their chests and declare they're the most secure, cheapest, bestest, fastest, etc, etc, even when there's overwhelming evidence to the contrary.

    Yeah, it sucks when that happens.

    Of course you can always "embargo" all your vulnerability details (see for example bug #294795) - and feel comfortable in your superior position!

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  8. So bloody what ? by polyp2000 · · Score: 2, Interesting

    As much as I despise Microsoft and avoid using Windows at whatever cost, they have not released Vista to end users yet. The purpose of a beta is to find out what the problems and issues are and resolve them. Wait until they release a final before criticising. I am sure there will be plenty of viruses and bugs to get excited about then! (How else are they going to continue shipping their AV software?)

    --
    Electronic Music Made Using Linux http://soundcloud.com/polyp
  9. Re:Not a vulnerability by dedazo · · Score: 2, Interesting
    The real issue

    The real issue is that I do not want a case-sensitive file system, or one that requires me to do all sorts of command line incantations to run a script. It's not my fault that Joe User and his 1,000,000 friends are stupid.

    In any case, I can send you a tarball with the execute bit turned on and ask you to unpack it and run the REAL COOL ANNA KOURNIKOVA SCREENSAVER!!!, and chances are you'll do it. Chances are when Linux hits the "big time" there will be something slightly more functional than FileRoller out there. Chances are you'll give me your root password if I ask for it nicely. Chances are your assumptions or superiority are unfounded. People got infected with worms that came in on password protected zip files. Do you think you can engineer away user stupidity? That's scary.

    to hide the file extension from the user

    Bad design call, yes. OTOH, I could care less, I always turn it off.

    Does longcock

    OMFG, you're hilarious.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  10. Re:How is this different from *NIX shell scripts? by Antique Geekmeister · · Score: 2, Interesting

    I remember it too. There's a good chance it could happen again: it would have to spread via HTTP, SMTP, and SSH vulnerabilities to use ports that aren't blocked on gateway systems, rather than telnet and rsh, and would perhaps also require probing VPN setups to gain access from infected machines to corporate networks. But a better built package more aimed at damage could easily replicate its password guessing and replication capability and cause quite a lot more damage today. People should be concerned about this stuff. It's amazing how Morris never spent a day in jail, but instead is now a professor at MIT ( http://pdos.csail.mit.edu/~rtm/ ). Gee, writing destructive worms that ruined systems worldwide, and help ruin your father's career as head of the NSA must really be work which MIT wants to foster as part of their "ubiquitous computing" developments. That's just what I'd look for as part of the computing in my home!

  11. Straight from the horse's mouth by xfmr_expert · · Score: 2, Interesting

    From a Dec. 2004 "chat": Q: How is security addressed in Monad? A: This is a very broad topic. We spend a lot of time on security. One of the common questions is "are we reintroducing script attacks?". We are doing a number of things to mitigate those exposures. 1) We will not have a doc handler for .msh files (this means that you won't be able to double-click a .msh file and have it run). 2) We'll have a policy that only allows signed scripts (from people you trust) to run (we'll then make it easy for you to sign scripts).

  12. Wait my friends by lord_rob the only on · · Score: 2, Interesting

    It's just a beta product. All flaws are not fixed yet.

    I suppose you all remember when Whistler (codename for Windows XP) came out, it was full of bugs and security holes. This is normal, it's a beta. Now we all know that Windows XP is stable and secure as hell *cough cough*