The return of script viruses
Eric Chien Symantec Security Response
While new classes of viruses are discovered each year, few are of concern and even less
result in widespread outbreaks, except in the case of script viruses. The emergence of
new scripting platforms has resulted in major milestones in the history of viruses. In
1995, the first Word macro virus was discovered and eventually led to the W97M/Melissa
outbreak in 1999. In 1998, VBS/Rabbit was the first Visual Basic Scripting language
virus, and it led to the VBS/Loveletter outbreak in 2000.
Microsoft plans to ship a new scripting platform known as Microsoft Shell (MSH). Based
on .NET, Microsoft Shell is similar to the current Command Interpreter (cmd.exe)
however, it is far more robust and similar in some respects to current Unix shells.
Microsoft Shell is currently planned for Microsoft Windows XP, Windows 2003, and will
likely ship by default on new versions of Windows such as Longhorn.
This paper will discuss the key functionality of Microsoft Shell, in particular those
functions that allow malicious threats to be created. The new scripting language is robust
enough to allow the creation of both classic viruses as well as email worms. The
associated presentation will also demonstrate the possibility of these classic viruses,
email worms, and other interesting threats utilizing the new MSH scripting interface.
