Attacks on .NET - Un'CLR future presented at Virus Bulletin 2002

by Francisco fernandez Guerra (Panda Software),


Summary : "

Microsoft has been working on the .NET Framework over three years, in
an attempt to simplify the development of fast and effective
applications for any platform or device. By allowing applications to
share data over the Internet, Web services enable developers to
assemble applications from new and existing code, regardless of the
programming language. All these facilities will no doubt be exploited
in the creation of worms and Trojans, and provide even more powerful

This paper examines the potential virus attacks on the .NET Framework
and the implications for anti-virus developers in order that there is
a better understanding of the problems we'll face in the future.

The paper will briefly discuss the .NET executable fo rmat and MSIL
instruction set, exploring the possibilities for the CLR to execute
cross-platform malicious code. Potential virus attacks will be
analysed in detailed, providing ideas to deal with them. We will also
cover the viability of distributed viruses as well as the Compact
Framework for the PDAs and other potential devices.

The Visual Studio .NET final release is already out there, and we
won't have to wait long to witness a new generation of distributed
viruses; it's just a question of time. While virus writers familiarize
themselves with .NET, we should dedicate research time to be prepared
for the next battleground.