Windows Vista tool targeted by virus writers

Virus writers have published what are thought to be the first examples of malicious code targeting an expected feature of Microsoft's Windows Vista operating system, around a week after the first beta of the next-generation operating system was released.

Five proof-of-concept viruses that target Monad, the next version of Microsoft's command prompt, were included in a recently published virus writing magazine, according to Mikko Hyppönen, the director of antivirus research at F-Secure.

Monad is a command-line interface and scripting language that is similar to Unix shells such as Bash, but is based on object-oriented programming and the .NET Framework. It was initially expected in Vista, but Microsoft hinted a couple of months ago that it may not be ready for initial versions of the Vista client or server. However, Microsoft has confirmed that Monad will be included in Exchange 12, the next version of the company's collaboration server due in the second half of 2006.

The proof-of-concept viruses, along with detailed explanations of how they work, were included in a magazine that was published on the Web over the last week. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Hyppönen in a blog posting on Thursday.

He warned that if Microsoft ships Monad with Vista and it is enabled by default, this could lead to an "outbreak of scripting viruses". Microsoft may choose to ship the tool as an add-on or disable it by default to reduce the risk, he added.

Even if Microsoft fixes this problem, virus writers are probably working hard to find other holes in the operating system itself, according to Hyppönen.

"There are always virus writers who want to be the first to write a virus for a new platform. I wouldn't be surprised if we see a virus targeting Vista itself soon," he said.

The Monad viruses were written by a virus writer who calls himself "Second Part To Hell" and is believed to live in Austria, according to Hyppönen.

The final version of Vista for the client is due to ship in Autumn 2006 with the server expected in 2007.

Microsoft was unable to comment in time for this article.

By Ingrid Marson
ZDNet UK

Virus target won't be in Vista

This is how M$ deals with it:

"Monad will not be included in the final version of Windows Vista," Stephen Toulouse, a program manager in Microsoft's security group, said in a blog posting. "So these potential viruses do not affect Windows Vista."

Microsoft is responding to the online publication of five examples of malicious code that target Monad. The tool was initially intended to be included in Vista. When news of the exploits came out, it triggered reports that they would be the first viruses for Windows Vista.

That story on cnet.
----
You talk the talk, but do you waddle the waddle?
