Worm targets Microsoft software even before release

Microsoft Corp. has not released its PowerShell scripting technology in commercial products yet, but a group of hackers has already written a prototype virus for it.

According to security company McAfee Inc., MSH/Cibyz!p2p is a proof-of-concept worm written in Windows PowerShell script that attempts to spread via the peer-to-peer application KaZaa by dropping a copy of itself in its shared folders.

Windows PowerShell is a command-line shell and task-based scripting technology that provides control and automation of system administration tasks, according to information on Microsoft’s Web site. It also includes a scripting language that enables automation of Windows system administration tasks.

Forthcoming products Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell, Microsoft said.

The MSH/Cibyz!p2p prototype infects PowerShell by dropping a copy of itself in the shared folders of KaZaa, and reads the path to the default download direction of the application from the “HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DownloadDir” registry key. To lure users into downloading and executing its files, the worm uses names of popular applications for its dropped copy, according to McAfee.

McAfee has rated the both the home- and corporate-user risk for the worm prototype as “low.” More information about the worm prototype can be found on McAfee’s site at http://vil.nai.com/vil/content/v_140292.htm .

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now