As forecasted last year at the Virus Bulletin 2004 conference by Symantec researcher Eric Chien (pictured), viruses targeting the MSH shell, or Microsoft Command Shell (codenamed "Monad") have now been devised by an Austrian virus writer as proof-of-concept of a possible exploit. It isn't known at this writing if MSH will be shipping with Windows Vista, but it is widely expected that the possibility of "Vista viruses" will be a hot topic for discussion at Microsoft's Professional Developers Conference (PDC 2005) next month.

Command Shell in Windows XP is a separate software program that provides direct communication between the user and the operating system. The non-graphical command shell user interface provides the environment in which users run character-based applications and utilities. The command shell executes programs and displays their output on the screen by using individual characters similar to the MS-DOS command interpreter Command.com.

Users can also use the Windows Script Host, CScript.exe, to run more sophisticated scripts in the command shell.

The Finnish security site F-secure calls the MSH shell "basically a replacement for shells such as CMD.EXE, COMMAND.COM or 4NT.EXE and will ship in 2006. As a command-line front end, MSH resembles many Unix shells quite a bit."

F-secure also notes:

"The possibility of MSH viruses was forecasted last year by researcher Eric Chien (of Symantec) in his presentation in the Virus Bulletin 2004 conference titled "The return of script viruses - an overview of Microsoft Shell". In his presentation Eric concluded: 'While Microsoft Shell is still in development, the current versions have enough functionality to allow a variety of malicious threats including file-infecting viruses'."

The Austrian virus writer published the "proof-of-concept" viruses in a virus writing magazine. They do infect other "Monad" scripts, although there is also a cross infector for .MSH, .BAT and .CMD files.