News

Hackers fire Donut at .net

Eric Doyle
Virus writers have targeted Microsoft's Web services flagship with a benign program, W32.Donut, which specifically infects .net files.

Donut is a "proof of concept" virus - a prototype bug that is not yet circulating in the wild. Although it does not have a dangerous payload, the virus will spread to files based on the .net-specific Microsoft Intermediate Language (MSIL). Future versions could be malignant.

MSIL files are CPU-independent and are converted on the fly to run on the target processor by a specific just-in-time compiler. This means Donut could feasibly infect systems on any Windows platform, from server to handheld, if .net is ported to other operating systems.

Microsoft is playing down the virus, pointing out that it contains very little MSIL code. Instead it uses a known Windows vulnerability written in Windows code. However, it does indicate the vulnerability of the raft of new application servers and software-as-a-service strategies being developed by Microsoft, Oracle, Hewlett-Packard, IBM, BEA Systems and Sun Microsystems.

With various elements of an application deployed on different computers throughout an organisation or across the Web, the number of vulnerable points is increased.

Kenneth De Spiegeleire, head of security assessment services at Internet Security Systems, said, "The security emphasis is shifting from detection to protection of the asset itself. Rather than using a missile to shoot down specific viruses as they appear, we now require an umbrella of defences to protect all layers of an application."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy