By Susan B. Shor TechNewsWorld
08/05/05 11:00 AM PT
Although F-Secure, a Finnish antivirus company, reports that it has discovered the first malicious code targeted at Microsoft's (Nasdaq: MSFT) Windows Vista (formerly code-named Longhorn), the command shell the hacker cracked is not an integral part of the new operating system.
Mikko Hypponen, chief research officer, F-Secure, told TechNewsWorld that the five proof-of-concept viruses the company found are not an indication that Vista has security problems.
"And Monad [the code name for the command shell] might not even ship on Vista, like it was supposed to in the first place," he said.
Quick to Create
The first beta of Vista was released last week. The viruses, named Danom.A through Danom.E, were published the following week by a virus writer who calls himself Second Part to Hell. He maintains a blog at http://spth.host.sk/main.htm.
Microsoft has not confirmed that Monad -- the code name of MSH, the company's new command line and scripting language -- will be fully implemented in Vista's first release. This minimizes the consequences of the potential security problem, but Hypponen said the Danom code is still important.
"These proof-of-concept viruses will never become a real-world problem, but the case is interesting historically, as these are the first viruses for a totally new platform," Hypponen wrote in his F-Secure blog.
Security analyst Ed Moyle, president, SecurityCurve, agrees that the viruses are interesting not for the threat they pose, but for the glimpse they offer into the future.
"This software is both interesting and significant, but not because of any threat inherent in it, which is practically nil," he said. "Instead, it is interesting because of what it might represent for the future evolution of malware in general. It is very unlikely that anybody will actually encounter this exact code in a real-life infection scenario."
'A Whole New Breed'
"On the other hand," Moyle continued, "this software represents very early research into how malware might evolve in the future; looking ahead, I think this might be the foundation for a whole new breed of malware, depending, of course, on how widely deployed Monad becomes and how it will be employed in practice."
The development of the Danom variants also shows how quickly virus writers can find and exploit vulnerabilities.
"We'll likely see some virus writers writing the first Vista viruses just to show off. The real worrisome stuff will follow later," Hypponen said.