Eric Chien Symantec Security Response
While new classes of viruses are discovered each year, few are of concern and even less result in widespread outbreaks, except in the case of script viruses. The emergence of new scripting platforms has resulted in major milestones in the history of viruses. In 1995, the first Word macro virus was discovered and eventually led to the W97M/Melissa outbreak in 1999. In 1998, VBS/Rabbit was the first Visual Basic Scripting language virus, and it led to the VBS/Loveletter outbreak in 2000.
Microsoft plans to ship a new scripting platform known as Microsoft Shell (MSH). Based on .NET, Microsoft Shell is similar to the current Command Interpreter (cmd.exe) however, it is far more robust and similar in some respects to current Unix shells. Microsoft Shell is currently planned for Microsoft Windows XP, Windows 2003, and will likely ship by default on new versions of Windows such as Longhorn.
This paper will discuss the key functionality of Microsoft Shell, in particular those functions that allow malicious threats to be created. The new scripting language is robust enough to allow the creation of both classic viruses as well as email worms. The associated presentation will also demonstrate the possibility of these classic viruses, email worms, and other interesting threats utilizing the new MSH scripting interface.