The author of the Austrian computer virus has completed a set of malware, specifically destroying the command column interface shell developed by Microsoft and the command language product PowerShell.
Security enterprise McAfee issued a warning that the company has found this group of programs named "MSH/Cibyz. The computer worm used the Kazaa File Sharing Network to spread and locked the PowerShell launched in the second half of this year. Microsoft's PowerShell, formerly known as Monad, will be one of the company's future products, such as Exchange 2007.
Instead of exploiting specific PowerShell security vulnerabilities, the new worm uses the product's ability to execute commands to lure users into downloading and executing malicious programs. Kazaa users may be attracted by some product names of interest, and then download the program. Once executed, the worm will overwrite some format files and change the registration information, then, the shared folder Kazaa of the affected host is automatically added to continue to spread.
Such threats have existed for many years. Most anti-virus software should be able to detect and uninstall such worms. McAfee's security products can provide this protection, but users should be cautious about files on P2P networks.
It is generally believed that MSH/Cibyz and another virus that locked PowerShell last summer should be carried out by the same group. At that time, PowerShell was expected to be added to Vista, but then Microsoft decided to release the product, making F-Secure, the first Vista virus, criticized.