First Windows Vista Virus Found
First Windows Vista Virus Found
by , 7:00 AM EDT, August 5th, 2005
An Austrian virus writer has published five sample viruses targeting Microsoft's new Windows Vista operating system. While there is little concern they could wreak serious problems, the viruses carry the distinction of being the first to impact an OS that has yet to even be released in final form.
Written in July, the viruses take advantage of MSH, or Microsoft Command Shell, a command line interface and scripting language that is included in the Windows Vista beta code. As MSH was scheduled to ship as the default shell for Windows Vista, it could be argued that these are the first viruses for Windows Vista. However, it has lately been rumoured that MSH might not ship with Vista at all and might instead be part of Microsoft Exchange.
The viruses -- dubbed Danom (Monad backwards) -- were published July 21 by an underground hacker group calling itself the Ready Ranger Liberation Front, according to the computer security company F-Secure. It is not thought the viruses are major cause for concern, but their release does prove their are security vulnerabilities related to the new OS that could cause further problems down the road.
Observer Comments
Seems the anti-virus & security "experts" were just itching to be the first to come up with something. While I'm one of the first to come down on MS when another security flaw is revealed, this time it is wise to stay silent. This thing they describe is anything but a virus. Its a script. The script is executed by a user with admin privileges. This means you have to have physical access to the machine. While it does replace all other scripts that it finds in the system with copies of itself.... so what? You can do that with practically any scriptable OS. It doesn't run automatically and it does not replicate itself to another machine, so how can it be anything other than just a regular old script?
I hope someone who knows more than I do will step up and tell me just how this is a security flaw.
Fri Aug 05, 2005 10:25 am Subject: MS probably likes this
The more holes the beta testers find the more they can close before the next major release of their Beta - then the cycle goes on again. The malicious hackers are going to keep their findings quiet until Vista ships, but at least some holes will e closed before the average customers get their Vista loaded computers from Dull.
By the way - where is RC?
Fri Aug 05, 2005 10:58 am Subject: the sky is falling!
Saying it is a Vista virus is misleading -- http://www.microsoft-watch.com/article2/0,1995,1844190,00.asp?kc=MWRSS02129TX1K0000535
It should be more than obvious by now that M$ designs malware into their products. It’s a “feature,†not a “bug!â€
QuoteThe only good troll is an absent (or dead) troll. I too am glad she's not here.Guest wrote:QuoteGuest wrote:
By the way - where is RC?
WTF?? DO YOU MISS HER???
geezuz, im happy that there is no rc here yet.....
Fri Aug 05, 2005 9:42 pm Subject: Why is anyone concerned about virusus on their windows? Thee
Why is anyone concerned about virusus on their windows? They re billions ands billions of virusus out there, inside and outside your house, your body, your car, your job. So how do you expect any kind of windows to keep em out. I for one am more concerned with thieves, or maybe even a bird to come flying in thru mine. So i just keep em closed all the time.
So they're viruses that effect Monad, which can be installed on Windows Vista. Not exactly Vista-specific viruses. But hey, nobody should worry that Microsoft suddenly learned how to make a secure operating system, there ought to be tens of thousands of currently existing Windows viruses that are capable of infecting Vista.
"The more holes the beta testers find the more they can close before the next major release of their Beta - then the cycle goes on again"
Uh huh. If it's not serious enough to fatally corrupt Windows every time somebody turns on their computer, Microsoft doesn't care about fixing any problem.
Sun Aug 07, 2005 6:10 am Subject:
I disagree. It is not irresponsible journalism. TMO is reporting what F-Secure has on its website. That is journalism - the propagation and interpretation of information to a wider audience. (I'm sure there are more reliable definitions, but it's the one I'm using for the sake of this argument.)
It then comes down to how much credence you place in F-Secure. On its website it does state that Monad will not be included in Vista. However Monad is available, still, from Microsoft's website.
From F-Secure's description of the viruses:
QuoteDanom viruses are proof-of-concept viruses for Microsoft Command Shell codename Monad. They do infect other Monad scripts, although there is also a cross infector for .MSH, .BAT and .CMD files. […]
VARIANT: Danom.A
This virus searches for .msh files and if such are found it looks for an infection marker "Candela". If the last is not present in the file, the virus appends its code to the victim file.
VARIANT: Danom.B
Danom.B virus infected .msh, .cmd and .bat files. If the infection marker "Candela" is not found, the virus infects by prepending its code. However .bat and .cmd infected files overwrite during infection.
VARIANT: Danom.D
SIZE: 249
This is a small code written to overwrite .msh files with itself. It searches for such files and checks for the length. It tries to infect if the file size is different from the size of the initial infected file.
However due to an error the virus infects one file per run. It infects the last file in alphabetical order, unless it is already infected.
VARIANT: Danom.E
This is similar to Danom.A but it prepends the virus code to the victim files.
They may just be proof-of-concept viruses, but they are still viruses. Microsoft can bleat all it likes, but this is still a weakness in its new OS's security.
To be honest, i do not think that my MSH-virus are viruses for Microsoft Windows Vista. And I have not mentioned in my article "Monad Virus Infection" that it IS a Longhorn (yes, the time of writing it was still named Longhorn) virus - but a virus for Monad - the time of writing the future command shell.
I see that the first virus for MS Vista has been created by Retro (http://securityresponse.symantec.com/avcenter/venc/data/msil.idonus.html)
About the discussion if it's a virus or not: Starting from version b (my numbering - prepender -> appender -> EPO -> crossinfection) they are REAL viruses, infecting real MSH files. No reason for discuss about that fact.
What will be the next step? Virus for Microsoft Windows Vista Professional 64bit Edition Beta? Sure, some of us have already the DVD infront of them...
kindly regards,
Second Part To Hell/rRlf
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 8th
- Sun, 11:59 AM
- Mac Geek Gab Podcast - MGG 226: Magic Mouse, Apple Battery Secrets, Q&A
- Sat, 7:58 PM
- News - Apple TV 3.0.1 Update Fixes Missing Content Bug
- Fri, 7:45 PM
- Rumor - Taiwan Leak Shows Verizon UTMS/CDMA iPhone for Q3 2010
- 6:40 PM
- News - iPhone Moves Into RadioShack
- 6:30 PM
- News - Apple to Open Stunning Paris Apple Store in Le Louvre on Saturday
- 5:43 PM
- Free on iTunes - Dictionary, Dictionary, Dictionary, And More
- 4:09 PM
- John Martellaro's Blog - Particle Debris (week ending 11/6) Failure IS an Option
- 3:32 PM
- Games - The Latest App Store Games: Gravity Sling, RocketBird, Ground Effect, Checkers!
- 2:25 PM
- Games - Star Soccer 2010 for Mac Puts Gamers in Role of Up-and-Coming Player
- 2:15 PM
- How-To - The Mysteries of Rosetta Housekeeping
- 1:33 PM
- News - iPhone Game Developer Sued for Collecting User’s Cell Numbers
- 1:17 PM
- Games - Warhammer Online Expands Trial Play Option
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Get the Right Memory for Your Mac Top Quality, Competitive Price, Lifetime Backed Free Expert Support + Installation Videos too! MacBook & mini 8GB, iMac 16GB, Mac Pro up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
