Slashdot Mirror


PowerShell Security Threats Greater Than Ever, Researchers Warn (computerweekly.com)

Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.


  1. Well... by The-Ixian · · Score: 4, Insightful

    Good thing MS had the foresight to make sure that non-signed PS scripts aren't executable by default.

    Of course... sysadmins generally disable that restriction just like they turn off UAC... MS makes a security measure and people disable it and then complain that MS is so insecure.

    But then Linux is insecure in a lot of the same ways... it's only as secure as the weakest link... which is generally the apps running on it.

    --
    My eyes reflect the stars and a smile lights up my face.
  2. Re:Replacing CMD by Junta · · Score: 3, Insightful

    Actually, CMD would be in theoretically worse shape if evaluated apples to apples. However, powershell *purports* to have security features like execution policies and signing, so it draws more scrutiny. Those are pretty much useless in practice because a cmd script is not subjected to that scrutiny and can just modify the executionpolicy of powershell at will if it really wanted to do some nefarious stuff that required powershell (though they could easily use pretty much any language they want).

    --
    XML is like violence. If it doesn't solve the problem, use more.
  3. Re:Replacing CMD by houstonbofh · · Score: 4, Insightful

    Or, to rephrase, powerful tools are powerful tools. The main reason PowerShell can do more damage is because it can do more stuff.

  4. Re:RTFA by Anonymous Coward · · Score: 2, Insightful

    Yeah... RTFA really doesn't help in this case.

    That meaningless statistic is just as meaningless both before and after reading the article.

    And nice bit of work from the article author managing to get this particular link in to that paragraph:
    href="file:///C:/Users/washford/Documents/4%20Thursday/Microsoft%E2%80%99s%20Windows%20PowerShell%20configuration%20management%20framework"

    Shocking conclusion though, apparently executables and scripts downloaded from the internet can be malicious, who would have thought that!?

  5. Well duh by Billly+Gates · · Score: 4, Insightful

    When you run powershell as an admin it can do bad things. Who would have thought? I wonder if Linux is vulnerable if someone is logged in as root?

    Powershell is not enabled with an execution policy by default. It has to be enabled and most people do not even know what it is so this is no threat? At work we have a GPO that blocks powershell for any non AD admin.

  6. Re:Microsoft Bash to the rescue by tepples · · Score: 1, Insightful

    how is bash - or any of the other unix-based shells, such as ksh, ssh, ash thru zsh - any more secure than PowerShell?

    Not allowing the equivalent of ShellExecute on a script without the execute bit set, and saving files downloaded from the Internet without the execute bit.
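
Junta's comment in the thread above notes that a cmd script can change PowerShell's execution policy at will. As an added example (not from the article or from any commenter), this Python sketch shows how a defender could flag such overrides in process-creation logs; the host names, command lines and function names are constructed for illustration.

```python
import re
import shlex

WEAK = {"bypass", "unrestricted"}
PS_EXE = re.compile(r"(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$", re.I)
SET_CMDLET = re.compile(
    r"set-executionpolicy\b[^|;]*?\b(bypass|unrestricted|remotesigned|allsigned|restricted)\b",
    re.I)

def is_policy_switch(token):
    """-ExecutionPolicy in any spelling powershell.exe accepts: a prefix of the
    name at least as long as "ex", or the alias "ep", after "-" or "/"."""
    if len(token) < 3 or token[0] not in "-/":
        return False
    key = token[1:].lower()
    return key == "ep" or "executionpolicy".startswith(key)

def requested_policy(cmdline):
    """Return the execution policy a command line asks for (lower case), or None."""
    try:
        tokens = shlex.split(cmdline, posix=False)   # keep Windows backslashes
    except ValueError:                               # unbalanced quotes
        tokens = cmdline.split()
    in_ps = False
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        if PS_EXE.search(tok.strip('"')):
            in_ps = True                             # later switches belong to PowerShell
        elif in_ps and is_policy_switch(tok) and nxt:
            return nxt.strip("\"'").lower()
    m = SET_CMDLET.search(cmdline) if in_ps else None
    return m.group(1).lower() if m else None

def flag_overrides(events):
    """events: iterable of (host, command_line). Returns [(host, policy)] for weak overrides."""
    hits = []
    for host, cmdline in events:
        policy = requested_policy(cmdline)
        if policy in WEAK:
            hits.append((host, policy))
    return hits

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws01", r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Temp\job.ps1"),
    ("ws02", r"cmd.exe /c powershell -ep unrestricted -File run.ps1"),
    ("ws03", r'powershell.exe -Command "Set-ExecutionPolicy -Scope Process Bypass -Force"'),
    ("ws04", r"powershell.exe -ExecutionPolicy AllSigned -File C:\Ops\inventory.ps1"),
    ("ws05", r"powershell.exe -NoProfile -File C:\Ops\report.ps1"),
]
```

Matching on the literal string `-ExecutionPolicy` alone would miss ws02, which is why the check accepts the abbreviated spellings and the case where cmd.exe is the parent command.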