Virus writers take an early crack at .Net

'W32.Donut' specifically aims at Microsoft's .Net programming language, showing that virus writers are thinking ahead

Virus writers have apparently made the early developer list for Microsoft's .Net initiative.

On Wednesday, antivirus companies received a copy of the first virus capable of infecting files based on Microsoft's .Net Intermediate Language, or MSIL.

Known as W32.Donut, the virus does little but infect other .Net files, but it shows that the programmers who create such code are looking ahead, said Motoaki Yamamura, a virus researcher with security software company Symantec.

"The only interesting part is that it infects a new class of files," he said. "Traditionally, virus writers look for what is coming out next and look at being the first at spreading viruses and worms on those new platforms."

W32.Donut is a true virus, infecting files on the computer and spreading only when those files are moved to a new computer by email or copying and then opened.

One of every 10 times a file infected with Donut starts up, the virus will display the message "This cell has been infected by dotNET virus!" and the author's name. Though the virus spreads to .Net files, only a small fraction of it is written in MSIL, according to both Symantec and the author's description of the virus.

It's uncertain whether such a virus could spread among files when Microsoft's .Net framework is up and running, as the company has several security checks in place.

Microsoft representatives could not immediately be reached for comment.

Microsoft.Net is the company's largest push yet to turn its software into a network over which consumer, business and financial services can be easily delivered. With the .Net initiative, the Redmond, Washington software giant says it is attempting to build a more secure framework.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All