The return of script viruses

Eric Chien Symantec Security Response

While new classes of viruses are discovered each year, few are of concern and even less result in widespread outbreaks, except in the case of script viruses. The emergence of new scripting platforms has resulted in major milestones in the history of viruses. In 1995, the first Word macro virus was discovered and eventually led to the W97M/Melissa outbreak in 1999. In 1998, VBS/Rabbit was the first Visual Basic Scripting language virus, and it led to the VBS/Loveletter outbreak in 2000.

Microsoft plans to ship a new scripting platform known as Microsoft Shell (MSH). Based on .NET, Microsoft Shell is similar to the current Command Interpreter (cmd.exe) however, it is far more robust and similar in some respects to current Unix shells. Microsoft Shell is currently planned for Microsoft Windows XP, Windows 2003, and will likely ship by default on new versions of Windows such as Longhorn.

This paper will discuss the key functionality of Microsoft Shell, in particular those functions that allow malicious threats to be created. The new scripting language is robust enough to allow the creation of both classic viruses as well as email worms. The associated presentation will also demonstrate the possibility of these classic viruses, email worms, and other interesting threats utilizing the new MSH scripting interface.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.