A group of hackers has targeted Microsoft's PowerShell - before the company has even released the scripting technology in a commercial product.
According to security company McAfee, MSH/Cibyz!p2p is a proof-of-concept worm written in Windows PowerShell script that attempts to spread via the peer-to-peer application KaZaa by dropping a copy of itself in its shared folders.
Windows PowerShell is a command-line shell and task-based scripting technology that provides control and automation of system administration tasks, according to information on Microsoft's website. It also includes a scripting language that enables automation of Windows system administration tasks.
Forthcoming products Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell, Microsoft said.
The MSH/Cibyz!p2p prototype infects PowerShell by dropping a copy of itself in the shared folders of KaZaa; it reads the path to the application's default download directory from the "HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DownloadDir" registry key. To lure users into downloading and executing its files, the worm uses names of popular applications for its dropped copy, according to McAfee.
McAfee has rated both the home- and corporate-user risk for the worm prototype as "low."
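For administrators who want to check a workstation for the behaviour described above, the following PowerShell triage script reads the same registry location and inventories script files sitting in the KaZaa download folder. It is an added example, not code from McAfee or Microsoft; it assumes `DownloadDir` is a value under the `LocalContent` key, and the extension list is an illustrative assumption.

```powershell
# Added triage example. Assumptions: DownloadDir is a registry value under
# LocalContent, and the extension list below is illustrative, not from the advisory.
$KazaaKey         = 'HKCU:\Software\Kazaa\LocalContent'
$ScriptExtensions = '.ps1', '.psm1', '.msh'

function Get-KazaaDownloadDir {
    # Returns the configured download folder, or $null when the key/value is absent.
    if (-not (Test-Path -Path $KazaaKey)) { return $null }
    $props = Get-ItemProperty -Path $KazaaKey -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    if ($props.PSObject.Properties.Name -notcontains 'DownloadDir') { return $null }
    return $props.DownloadDir
}

function Find-ScriptFilesInFolder {
    # Lists script files under $Path with timestamps and hashes for later comparison.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $ScriptExtensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                Created  = $_.CreationTimeUtc
                Modified = $_.LastWriteTimeUtc
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$dir = Get-KazaaDownloadDir
if (-not $dir) {
    Write-Output 'No Kazaa DownloadDir is configured for this user.'
}
elseif (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Output "DownloadDir '$dir' is configured but does not exist."
}
else {
    $hits = @(Find-ScriptFilesInFolder -Path $dir)
    if ($hits.Count -eq 0) {
        Write-Output "No script files found under '$dir'."
    }
    else {
        # A shared download folder normally holds media and installers, so any
        # script file here deserves a manual look before it is opened.
        $hits | Sort-Object Created | Format-Table -AutoSize
    }
}
```

The script only reads the registry and file system for the current user; run it per user profile, since the key lives under HKEY_CURRENT_USER.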