TechNewsWorld.com

Viruses for Vista Offer Glimpse Into Malware's Future


Although F-Secure, a Finnish antivirus company, reports that it has discovered the first malicious code targeted at Microsoft's (Nasdaq: MSFT) Windows Vista (formerly code-named Longhorn), the command shell the hacker cracked is not an integral part of the new operating system.

Mikko Hypponen, chief research officer, F-Secure, told TechNewsWorld that the five proof-of-concept viruses the company found are not an indication that Vista has security problems.

"And Monad [the code name for the command shell] might not even ship on Vista, like it was supposed to in the first place," he said.

Quick to Create

The first beta of Vista was released last week. The viruses, named Danom.A through Danom.E, were published the following week by a virus writer who calls himself Second Part to Hell. He maintains a blog at http://spth.host.sk/main.htm.

Microsoft has not confirmed that Monad -- the code name of MSH, the company's new command line and scripting language -- will be fully implemented in Vista's first release. This minimizes the consequences of the potential security problem, but Hypponen said the Danom code is still important.

"These proof-of-concept viruses will never become a real-world problem, but the case is interesting historically, as these are the first viruses for a totally new platform," Hypponen wrote in his F-Secure blog.

Security analyst Ed Moyle, president, SecurityCurve, agrees that the viruses are interesting not for the threat they pose, but for the glimpse they offer into the future.

"This software is both interesting and significant, but not because of any threat inherent in it, which is practically nil," he said. "Instead, it is interesting because of what it might represent for the future evolution of malware in general. It is very unlikely that anybody will actually encounter this exact code in a real-life infection scenario."

'A Whole New Breed'

"On the other hand," Moyle continued, "this software represents very early research into how malware might evolve in the future; looking ahead, I think this might be the foundation for a whole new breed of malware, depending, of course, on how widely deployed Monad becomes and how it will be employed in practice."

The development of the Danom variants also shows how quickly virus writers can find and exploit vulnerabilities.

"We'll likely see some virus writers writing the first Vista viruses just to show off. The real worrisome stuff will follow later," Hypponen said.

By Susan B. Shor
