Hackers already aiming for Vista

By Matt Whipp

Posted on 4 Aug 2005 at 14:50

Hackers are already working on viruses for Microsoft's upcoming Vista platform.

According to Finnish security experts F-Secure, an Austrian virus writer known as 'Second Part to Hell' - from the 'Ready Rangers Liberation Front' group - has published his efforts on writing virus code for Vista's MSH (Microsoft Shell) command line interface, including five viruses.

F-Secure's Director of Anti-Virus Research Mikko H. Hyppönen told us that although, as the first Vista viruses, 'they are of historical importance, they're really not a real world risk.'

He described them as 'really simple, really basic,' with properties such as self-propagation, but not much more. 'However, Microsoft's MSH scripting language is really versatile,' he said. 'You can basically control any component with it ... you can send email straight from the command line, you can connect to web services ... In functionality it's similar to Unix.'

Yet plans for MSH remain unclear. Wininsider reports that the shell might be dropped from the release of Vista, as there was as yet no product scheduled in which it was due to ship, but Microsoft declined to comment further.

No bad thing, says Hyppönen. Such a capable tool would probably remain untouched in the machines of many consumers and would prove more a security hazard than an improvement. 'As a power user myself I would love to have it in my own computer, but not in my mother's computer,' he said.

It all depends on whether Microsoft has plans to build services into Vista that rely on MSH to function.

Still, even if MSH is disabled or removed from Vista on the desktop, it might still make an appearance in server products such as Exchange Server 12. But even here systems such as mail and web servers would still be vulnerable, deployed at the network perimeter.