Sharpei virus hits C# note

Virus writers aim for .Net again with a computer worm written in Microsoft's newest language for the Internet-wide framework.

Robert Lemos Staff Writer, CNET News.com
Virus writers took another shot at Microsoft's .Net vision.

On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework.

Antivirus company Network Associates gave the infectious program a "low" rating for risk but highlighted it as the second example of a virus writer attempting to infect parts of the .Net framework.

"It would work without using (C#)," said Vincent Gullotto, vice president of research for Network Associates' antivirus emergency response team. "It's just another try at .Net."

In January, the Donut worm made marginal use of .Net components by attempting to infect components of the framework. Microsoft later dismissed the labeling of the program as a .Net worm.

Microsoft could not be reached for comment on Friday about the Sharpei worm.

Sharpei is "not in the wild"--a term used by the antivirus industry to mean that no customers have yet been infected--but if released, the virus would merely be a mass-mailing worm on most computers.

The worm appears in an e-mail with the subject line "Important: Windows update" and the following message attached:
"Hey, at work we are applying this update because it makes Windows over 50% faster and more secure. I thought I should forward it as you may like it."

If the attachment is opened, then the worm uses the Outlook address book to send messages--with a copy of the virus attached--to every address in the book. It then deletes the e-mails from the sent folder and removes the copy of itself.

On PCs loaded with Windows XP and other .Net-enabled computers, however, Sharpei would additionally infect files in four other folders. If those files were opened, the virus would run again.