Hackers try to crack Windows PowerShell

By | August 2, 2006

Virus writers in Austria have reportedly developed malicious code that targets Windows PowerShell, the command line interface shell and scripting language product being developed by Microsoft.

Security company McAfee warned this week that it had detected the worm, called MSH/Cibyz. MSH/Cibyz is designed to spread using the Kazaa file-sharing network, and the worm runs in PowerShell, which is due to ship in the second half of this year. PowerShell, formerly known as Monad, will underpin future Microsoft products such as Exchange Server 2007.

The worm doesn´t exploit a specific security hole in PowerShell. Instead, it abuses the product´s ability to execute scripts by attempting to trick users into downloading and running malicious code. To do this, it uses a series of product names that may be attractive to Kazaa users. If run, the worm will overwrite some file types, change registry details and place itself in the machine´s Kazaa shared folder in order to spread.Read Full Story

Leave a Reply