Virus writers in Austria have reportedly developed malicious code that targets Windows PowerShell, the command line interface (CLI) shell and scripting language product being developed by Microsoft.
Security firm McAfee warned this week that it had detected the worm, called MSH/Cibyz.
MSH/Cibyz is designed to spread using the Kazaa file-sharing network, and the worm runs in PowerShell, which is due to ship in the second half of this year. PowerShell will underpin future Microsoft products such as Exchange Server 2007.
The worm doesn't exploit a specific security hole in PowerShell. Instead, it abuses the product's ability to execute scripts, by attempting to trick users into downloading and running malicious code. To do this, it uses a series of product names that may be attractive to Kazaa users. If run, the worm will overwrite some file types, change registry details and place itself in the machine's Kazaa shared folder in order to spread.
This type of threat isn't specific to PowerShell, and has existed for many years. It's likely that most commercial malware protection would be able to detect and remove a worm that behaved in this way. McAfee said its own security software will offer protection, but users should also be cautious when receiving files from P2P networks.
It's thought that the group behind MSH/Cibyz was also responsible for a virus last summer targeting PowerShell. F-Secure was criticised for identifying this as "the first virus to target Vista". At the time, PowerShell, earlier known as Monad, was expected to be included in Vista, but Microsoft subsequently laid out a separate release schedule for the product.
ZDNet UK's Jonathan Bennett contributed to this report.

Talkback
Learn the details about this issue by visiting the Windows PowerShell team blog at:
http://blogs.msdn.com/powershell/archive/2006/08/03/687838.aspx
Experience the real-deal by downloading and installing Windows PowerShell yourself by going to http://www.Microsoft.Com/Downloads and searching for the term "Windows PowerShell"
Jeffrey Snover [MSFT]
Windows PowerShell/Aspen Architect
Why would I want to download and install a Release Candidate version re-released not that long ago?
Might as well wait until Q4 2006 and see what kind of RTW version will be available by then. And if it'll run on W2K as well by then because there's plenty of that to maintain out there as well. Also, what about a signed version for redistribution purposes? Last I read on your blog that is a no-no.