Slashdot Mirror


Windows Vista Tool Targeted By Virus Writers

An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."


  1. Comments from a Monad developer by Leeji · Score: 5, Interesting

    The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad. The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.

    That's not to belittle the dangers of script viruses, though.

    I wrote a blog entry about it here, in relation to Monad.

    --
    It all goes downhill from first post ...
    1. Re:Comments from a Monad developer by stratjakt · Score: 5, Insightful

      They've stated that they don't care if legacy apps break, and they proved it (somewhat) with XP SP2, and an anti-spyware tool which kicks the crap out of a lot of old code.

      I'm sure I'm not the only developer out there who's had to rewrite some stuff to keep XP happy. And, despite the extra work, I see it as a good thing.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Comments from a Monad developer by starling · Score: 5, Funny

      Yabbut if they'd chosen one of those other names the GNU version wouldn't end up being called Gonad.

      Sneaky, huh?

  2. Re:Short on Details by Leeji · Score: 5, Informative

    You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.

    There is nothing intrinsic in Monad that enables these attacks, aside from it being a new language. In fact, Monad implements several features that help mitigate the dangers of traditional script viruses, as I outline here.

    --
    It all goes downhill from first post ...
  3. How is this different from *NIX shell scripts? by MagikSlinger · Score: 5, Insightful

    How is this different than writing a ksh or bash script virus? Ksh and bash script viruses can be just as bad. Heck, remember the Morris worm?

    I like bashing M$ just as much as the next ./er, but this might not be their bad just yet.

    --
    The bitter lessons of a veteran coder: http://bitterprogrammer.blogspot.com
  4. Re:Short on Details by Coryoth · Score: 5, Interesting

    > You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.

    Yes but you must remember that F-Secure are a bunch of alarmist gits who will jump at any opportunity to seed panic with regard to threats of viruses, hackers, "cyberterrorists" (if such a thing even exists), and whatever else they can dream up. Read through a decent sampling of their past press releases and you'll get the idea.

    Certainly there are potential issues, but I don't think there's really anything to panic about yet.

    Jedidiah.

  5. Re:What? Say it isn't so! by patio11 · Score: 5, Insightful

    This just in! Running arbitrary code from an untrusted source not a security best-practice!