Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Virus writers take an early crack at .Net

From: InfoSec News <isn () c4i org>
Date: Thu, 10 Jan 2002 07:25:32 -0600 (CST)
http://news.cnet.com/news/0-1003-200-8424382.html?tag=mn_hd

By Robert Lemos
Staff Writer, CNET News.com 
January 9, 2002, 5:50 p.m. PT 

Virus writers have apparently made the early developer list for
Microsoft's .Net initiative.

On Wednesday, antivirus companies received a copy of the first virus
capable of infecting files based on Microsoft's .Net Intermediate
Language, or MSIL.

Known as W32.Donut, the virus does little but infect other .Net files,
but it shows that the programmers who create such code are looking
ahead, said Motoaki Yamamura, a virus researcher with security
software company Symantec.

"The only interesting part is that it infects a new class of files,"  
he said. "Traditionally, virus writers look for what is coming out
next and look at being the first at spreading viruses and worms on
those new platforms."

W32.Donut is a true virus, infecting files on the computer and
spreading only when those files are moved to a new computer by e-mail
or copying and then opened.

One of every 10 times a file infected with Donut starts up, the virus
will display the message "This cell has been infected by dotNET
virus!" and the author's name. Though the virus spreads to .Net files,
only a small fraction of it is written in MSIL, according to both
Symantec and the author's description of the virus.

It's uncertain whether such a virus could spread among files when
Microsoft's .Net framework is up and running, as the company has
several security checks in place.

Microsoft representatives could not immediately be reached for
comment.

Microsoft.Net is the company's largest push yet to turn its software
into a network over which consumer, business and financial services
can be easily delivered. With the .Net initiative, the Redmond, Wash.,
software giant says it is attempting to build a more secure framework.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: