Microsoft PowerShell targeted by worm

News

Microsoft PowerShell targeted by worm

Antony Savvas

Austrian virus writers have developed malicious code that targets Windows PowerShell, the new command line interface shell and scripting language being developed by Microsoft.

Internet security software firm McAfee has detected the MSH/Cibyz worm. MSH/Cibyz is designed to be spread using the Kazaa peer-to-peer file-sharing network, with the worm running in PowerShell.

PowerShell is due to ship later this year and will be used in products such as Exchange Server 2007.

The worm abuses PowerShell’s ability to execute scripts, by attempting to trick users into downloading and running malicious code.

To do this, it uses a series of product names that may be attractive to Kazaa users.

When run, the worm will overwrite some file types, change registry details and place itself in the machine's Kazaa shared folder, where it can be further spread to other users.

McAfee warned users to be cautious about what files they allow onto their machines from file-sharing networks.

 

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy