Wednesday, August 02, 2006

First Windows PowerShell POC Virus MSH/Cibyz released last week.

Last week, a proof of concept virus, MSH/Cibyz, based on Windows PowerShell was released by members of the RRLF virus group. PowerShell is the new command line shell and scripting language for Microsoft Windows and is seen as a replacement for the default command interpreter shell. It runs on Windows XP, Windows Server 2003, Windows Vista and Windows Longhorn, but as of now it does not come installed by default.

Members of the RRLF group had previously released two proof of concept viruses in the past year targeting Microsoft Windows Vista. The first was MSH/Danom, a script virus written in Monad, the predecessor to Windows PowerShell, and the other was W32/Usined, alias MSIL/Idonus, which used the .Net framework. Sadly, these viruses can’t make the claim to be Windows Vista viruses and are just Microsoft Shell viruses. This doesn’t seem to deter virus authors from working overtime to get their creations ready for Windows Vista and Longhorn to ensure they are in the news for all the wrong reasons.

Because Windows PowerShell offers, via a command line shell, the functionality to do anything one can do from the graphical user interface, it is an attractive platform for malware authors to write next-generation viruses. We don’t see these viruses in the wild yet, and whether we will see a lot of those script viruses remains the question, but my guess is that after the release of Vista we will be flooded...