Prototype worm targets Windows PowerShell

Hackers have written a prototype worm for Windows PowerShell, though the technology is not commercial yet.

Microsoft has not released its PowerShell scripting technology in commercial products yet, but a group of hackers has already written a prototype virus for it.

According to security company McAfee, MSH/Cibyz!p2p is a proof-of-concept worm written in Windows PowerShell script that attempts to spread via the peer-to-peer application KaZaa by dropping a copy of itself in its shared folders.

Windows PowerShell is a command-line shell and task-based scripting technology that provides control and automation of system administration tasks, according to information on Microsoft's Web site. It also includes a scripting language that enables automation of Windows system administration tasks.

Forthcoming products Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell, Microsoft said.

The MSH/Cibyz!p2p prototype infects PowerShell by dropping a copy of itself in the shared folders of KaZaa, and reads the path to the default download direction of the application from the "HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DownloadDir" registry key. To lure users into downloading and executing its files, the worm uses names of popular applications for its dropped copy, according to McAfee.

McAfee has rated the both the home- and corporate-user risk for the worm prototype as "low." More information about the worm prototype can be found on McAfee's site at http://vil.nai.com/vil/content/v_140292.htm.

Join the newsletter!

Error: Please check your email address.

More about KaZaAMcAfee AustraliaMicrosoftNAIVIA

Show Comments