Microsoft Corp. has not released its PowerShell scripting technology in commercial products yet, but a group of hackers has already written a prototype virus for it.
According to security company McAfee Inc., MSH/Cibyz!p2p is a proof-of-concept worm written in Windows PowerShell script that attempts to spread via the peer-to-peer application KaZaa by dropping a copy of itself in its shared folders.
Windows PowerShell is a command-line shell and task-based scripting technology that provides control and automation of system administration tasks, according to information on Microsoft’s Web site. It also includes a scripting language that enables automation of Windows system administration tasks.
Forthcoming products Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell, Microsoft said.
The MSH/Cibyz!p2p prototype infects PowerShell by dropping a copy of itself in the shared folders of KaZaa; it reads the path to the application's default download directory from the “HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DownloadDir” registry key. To lure users into downloading and executing its files, the worm uses names of popular applications for its dropped copy, according to McAfee.
McAfee has rated both the home- and corporate-user risk for the worm prototype as “low.” More information about the worm prototype can be found on McAfee’s site at http://vil.nai.com/vil/content/v_140292.htm.