Want CNET to notify you of price drops and the latest stories?

Virus writers take an early crack at .Net

Infectious code writers are looking to the future: They've already come out with an experimental virus that targets .Net, though it does little real damage--yet.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Virus writers have apparently made the early developer list for Microsoft's .Net initiative.

On Wednesday, antivirus companies received a copy of the first virus capable of infecting files based on Microsoft's .Net Intermediate Language, or MSIL.

Known as W32.Donut, the virus does little but infect other .Net files, but it shows that the programmers who create such code are looking ahead, said Motoaki Yamamura, a virus researcher with security software company Symantec.

"The only interesting part is that it infects a new class of files," he said. "Traditionally, virus writers look for what is coming out next and look at being the first at spreading viruses and worms on those new platforms."

W32.Donut is a true virus, infecting files on the computer and spreading only when those files are moved to a new computer by e-mail or copying and then opened.

One of every 10 times a file infected with Donut starts up, the virus will display the message "This cell has been infected by dotNET virus!" and the author's name. Though the virus spreads to .Net files, only a small fraction of it is written in MSIL, according to both Symantec and the author's description of the virus.

It's uncertain whether such a virus could spread among files when Microsoft's .Net framework is up and running, as the company has several security checks in place.

Microsoft representatives could not immediately be reached for comment.

Microsoft.Net is the company's largest push yet to turn its software into a network over which consumer, business and financial services can be easily delivered. With the .Net initiative, the Redmond, Wash., software giant says it is attempting to build a more secure framework.