A seventeen-year-old female hacker calling herself Gigabyte/Metaphase is taking credit for writing the first-ever virus written in Microsoft's newest programming language C#.
The W32/[email protected]
virus, identified Monday, targets the .NET framework through a worm comprised of three parts: a dropper program, a mailer, and a .NET component.
Anti-virus experts with Anti-Virus Emergency Response Team (AVERT) and others consider this one a LOW risk and say it is not currently in the wild.
But it is currently making the rounds through millions of e-mail in-boxes based on its request to update the Windows platform.
The message looks like this:
Hey, at work we are applying this update because it makes Windows over 50% faster and more secure. I thought I should forward it as you may like it.
The attachment is identified as: MS02-010.exe
After opening the .EXE attachment, the worm checks whether the Microsoft .NET framework is installed. If so, it then copies itself to C:\MS02-010.exe. It also drops the file "sharp.vbs" which contains codes that allow it to send itself through Microsoft Outlook.
When the attachment in run, the local system is infected. The MS02-010.exe file is saved to the root directory. The executable first checks if the .NET framework is installed. If it is not, the virus simply drops the file sharp.vbs in the current directory and runs it. The VBScript file carries out the mail routine, deleting any email messages that were successfully sent by the virus.
The script is detected as VBS/Scrambler with the 4140 DATs (or higher). The .EXE file also deletes this VBScript file after it executes.
If the .NET framework is installed, the virus prepends .EXE files in the WINDOWS directory and three subdirectories in the PROGRAM FILES folder.
This is the second virus to attack the .NET platform, but the first to be written in C# (pronounced C Sharp).
Certainly the most unique thing about the virus say virus watchers is the author from the Netherlands.
"To my knowledge, she is one of the only female virus writers out there," says AVERT vice president Vinny Gullotto. "She used to write mostly visual basic script style viruses, which made her more of a script kiddy. But, this time she has added a little more.
Galgullotto says he has a feeling Gigabyte is female based on the inner text of the scripts.
Gigabyte also claims responsibility for the Scrambler, Crakly and Buffy viruses.
Microsoft has not commented on the LOW risk virus
Original article from: Internet.com News
Written by: Michael Singer