The Register®

Original URL: http://www.theregister.co.uk/2002/03/04/csharp_virus_pitched_against_net/

C# virus pitched against .NET

Sharpei is low risk, but worrying

By John Leyden

Posted in Anti-Virus, 4th March 2002 14:45 GMT

A new virus uses Microsoft's C# language to target .EXE files under the Microsoft .NET Framework.

The Sharpei mass-mailer targets machines running .NET and consists of three components: a simple file dropper program, a mass mailer which uses Microsoft Outlook to spread, and a .NET component.

Although considered low risk, Sharpei is noteworthy because the replication code of the virus is written in C#. This makes closer to a platform-independent .NET virus than Donut, which caused a stir as the 'first' (purportedly) .NET virus in January.

Mikko Hyppönen, manager of anti-virus research at F-Secure, said Donut only contained a .NET wrapper around a traditional Windows virus, whereas Sharpei runs on .NET natively.

Sharpei affects only machines running Intel architectures but .NET viruses are a concern for the future because it could become an avenue to infect PDAs and smartphones, he added.

".NET compatible implementations on PDAs are still at least a year off but when they come in it might be possible to create mobile viruses by accident," Hyppönen warned.

Sharpei tries to pass itself off as a Windows security update, and the unlikely event you see it (the virus isn't spreading widely) it might drop into your In-box with the subject: "Important: Windows update" and an infected attachment, MS02-010.exe.

Microsoft never sends out security updates by email, but the gullible recipients who fall for this trick will activate Sharpei. The virus is explained in more detail here (http://www.europe.f-secure.com/v-descs/blunt.shtml).

Antivirus vendors are updating their tools to detect Sharpei (which, unusually, was written by a female virus writer called Gigabyte), and protection is now largely in place. ®

Related Stories

.NET virus is .NOT - Microsoft (http://www.theregister.co.uk/content/archive/23673.html)
Donut virus highlights holes in .NET (http://www.theregister.co.uk/content/56/23622.html)
.NET may lead to fewer viruses (http://www.theregister.co.uk/content/archive/21929.html)
Hybrid viruses set to become bigger threat (http://www.theregister.co.uk/content/archive/23050.html)
Rise in viruses within emails outpacing growth of email (http://www.theregister.co.uk/content/8/18099.html)