“Virus writers took another shot at Microsoft’s .Net vision. On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft’s newest computer language, C#, and designed to infect computers loaded with the .Net framework. Antivirus company Network Associates gave the infectious program a “low” rating for risk but highlighted it as the second example of a virus writer attempting to infect parts of the .Net framework.” Read the rest of the story at C|Net.
That reminds me of the Irish Potato disaster…
Ah yes I love the smell of a virus in the morning.
Anybody who trusts MS security please stand on your head.
Is anyone really surprised?
Did we ever see a virus written for Java, the competitor of the .NET framework with J2EE?
I’m not sure but one security concern was about sandboxes, does JavaVM behave correctly?
Yes the Java VM behaves. It runs code in a sandbox so this sort of thing can’t happen.
Thus you can’t have a Java virus running in the wild. Here is some info on Strange Brew, which was supposed to be the first Java virus. Of course it was a non-issue.
http://www.stiller.com/javav.htm
Direct from Sun.
http://java.sun.com/marketing/collateral/security.html
“The business end of the Java security model is conveniently described by using the metaphor of the Sandbox. The sandbox comprises a number of cooperating system components, ranging from security managers that execute as part of the application, to security measures designed into the Java Virtual Machine* (JVM) and the language itself. The sandbox ensures that an untrusted - and possibly malicious - application cannot gain access to system resources.”
Thanks everyone for the answer!
Doesn’t this only apply to applets, but not to Java applications?
Applets are the only code that gets automagically executed on a user’s machine so this is where you see the sandbox security model.
Applications may be programmed to cause damage (like delete all your files) but who downloads applications and runs them from untrusted sources anyway?
Any programming language that guaranteed against mischief when running an application would not be very useful at all (no file I/O, etc.)
C# provides the ability to write unsafe code. Also, given MS’s track record, .NET is probably not very secure anyway. Given those two facts, I think we’ll be seeing many viruses written for the .NET platform in the near future.
I would imagine that virus writers look forward to the newest technologies just like everyone else. I think that .NET probably provides a more enjoyable platform to write viruses for than Outlook.
Hooray Microsoft!
…is the virus MS themselves unleash on the unsuspecting public.
http://story.news.yahoo.com/news?tmpl=story&u=/nf/20020222/tc_nf/16…
Applications may be programmed to cause damage (like delete all your files) but who downloads applications and runs them from untrusted sources anyway?
In that case, this virus won’t be a problem in the wild, either, since it has to be downloaded and run on the source system, just like the previous .Net (Donut) virus that was released to anti-virus companies. For that matter, LoveLetter isn’t a problem, since the end user has to download and run it.
The language it was written in really makes no difference (and that’s pretty much stated in the article, as well), because any language that can make an executable file can do the same thing, as long as it has access to an API the OS understands.
The language it was written in really makes no difference (and that’s pretty much stated in the article, as well), because any language that can make an executable file can do the same thing, as long as it has access to an API the OS understands.
In the end, it is probably still easier to write viruses in C or C++.