An Austrian hacker earned the dubious distinction of writing what are thought to be the first known viruses for Microsoft Corp.’s Windows Vista operating system. Written in July, the viruses take advantage of a new command shell, code-named Monad, that’s included in the Windows Vista beta code.
The viruses were published last month in a virus-writing tutorial written for an underground hacker group calling itself the Ready Ranger Liberation Front, and take advantage of security vulnerabilities in the new command shell. Unlike the traditional Windows graphical user interface, which relies heavily on the mouse for navigation, command shells allow users to use powerful text-based commands, much like Windows’ predecessor, DOS.
The viruses were written by a hacker calling himself “Second Part To Hell” and published on July 21, just days after Monad was publicly released by Microsoft, according to Mikko Hypponen, chief research officer at Helsinki, Finland-based F-Secure Corp. Second Part To Hell is the pseudonym of an Austrian-based hacker who also goes by the name Mario, Hypponen said.
Because of its sophistication, the new command shell offers new opportunities for hackers, Second Part To Hell wrote in the tutorial, a copy of which was obtained by the IDG News Service. “Monad will be like Linux’s BASH (Bourne Again Shell) — that means a great number of commands and functions,” he wrote. “We will be able to make as huge and complex scripts as we do in Linux.”
F-Secure has named the virus family Danom (Monad in reverse). After examining the code, Hypponen said that the Danom family is disruptive but not capable of causing significant damage to Windows users. “These are proof-of-concept viruses where virus writers want to break new ground and write the first viruses for a new platform.”
Most security experts had not expected to see a Windows Vista virus so soon, Hypponen said. “The only surprise here is that it came so early. It’s been eight days since the beta of the operating system was out.”
Monad was released several days prior to the Windows Vista beta.
Still, Danom’s release does raise questions about whether Microsoft should enable the Monad shell by default in Windows Vista.
Because Monad’s scripting capabilities will be used only by advanced users, Hypponen believes Microsoft should not offer the software as part of the standard Windows Vista package when it becomes commercially available in the second half of 2006. This would make the software less prevalent, and therefore less attractive to virus writers, he said.
Microsoft “got burned,” by including similar software, called Windows Script Host, by default in its Windows 2000 operating system, he said. “Since it was on the system, all the virus writers were exploiting it.”
Microsoft was unable to immediately comment.
… shells allow users to use powerful text-based commands, much like Windows’ predecessor, DOS.
- The text-based commands in DOS weren’t at all powerful.
- These text-based commands were always available in Windows.
- Powerful scripting is available for Windows, check out BASH (which isn’t Linux specific, BTW), which can be obtained as part of Cygwin (which is the first thing I download when I’m required to use Windows).