The author of the Modan viruses published information about his malicious code online.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have urged customers not to panic over media reports of the first viruses said to affect the forthcoming Windows operating system, Windows Vista.
Yesterday, five viruses were discovered written in MSH (also known as Microsoft Shell or Monad), a command line interface and scripting language being developed by Microsoft. MSH was originally scheduled to ship with Windows Vista (the recently announced name for the next generation of Microsoft's Windows operating system, previously known as Longhorn), but it is now believed likely that MSH's first public release will be as part of the next edition of Microsoft Exchange.
The viruses, which have been named Modan, were all written by the same virus writer, who is believed to be Austrian and goes by the handle "Second Part To Hell".
"These viruses are more a proof-of-concept than anything that should seriously worry businesses, as they are extremely unlikely to spread," said Graham Cluley, senior technology consultant for Sophos. "However, it is possible that the flexibility of the MSH scripting language will be exploited in the future by other virus writers and hackers. We may see an echo of the past, when malware such as the Love Bug and Anna Kournikova worms successfully spread by using scripting languages."
Even though they do not present a real-world threat, Sophos has automatically updated customers against the MSH/Modan-A, MSH/Modan-B, MSH/Modan-C, MSH/Modan-D, and MSH/Modan-E viruses.
"Media reports that these are the first instances of Vista-specific viruses are inaccurate. These viruses need MSH to operate, not Windows Vista," continued Cluley.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against viruses and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.