NEWS FROM THE LAB - Thursday, August 4, 2005

First "Vista Virus" found
Posted by Mikko @ 10:23 GMT

Screenshot of EPO.msh
An Austrian virus writer has published five simple viruses targeting Microsoft MSH in a virus writing magazine. These proof-of-concept viruses will never become a real-world problem, but the case is interesting historically, as these are the first viruses for a totally new platform.

MSH, or Microsoft Command Shell, is a command line interface and scripting language. It's basically a replacement for shells such as CMD.EXE, COMMAND.COM or 4NT.EXE and will ship in 2006. As a command-line front end, MSH resembles many Unix shells quite a bit.

As MSH (codenamed 'Monad') was scheduled to ship as the default shell for Windows Vista (which went to first beta last week), you could argue that these are the first viruses for Windows Vista. However, it has lately been rumoured that MSH might not ship with Vista at all - instead it might be part of Microsoft Exchange 2006 or something. We won't know for sure until later.

The possibility of MSH viruses was forecast last year by researcher Eric Chien (of Symantec) in his presentation at the Virus Bulletin 2004 conference, titled "The return of script viruses - an overview of Microsoft Shell". In his presentation Eric concluded: "While Microsoft Shell is still in development, the current versions have enough functionality to allow a variety of malicious threats including file-infecting viruses". Right on.