20 comments

[ 6.2 ms ] story [ 493 ms ] thread
RIP to the greatest malware-writing language of all time... or at least until everyone adopts PowerShell
Forgeting about JScript?

Powershell can be configured to prevent those attack vectors.

Also hardly any different from people doing "curl | sudo sh" to install random stuff.

Hahaha totally.

I love how a lot of Linux users go and make fun of windows security, but 90% of tutorials go around throwing sudos commands "because why not", with some of them even curling sh files from servers with weird domains.

And the weirdest thing? 99.999% of the time there is not malware involved... but it totally could. It reminds me of those towns where people go to work without locking their doors. It's beautiful and sketchy at the same time.

Just do a curl | more and look over what the script actually does.

Totally.

One file I can send to a non-tech-savvy coworker and they can double click and run. A PowerShell script refuses to run because nanny Microsoft is smarter than you.
Powershell since Windows 10 defaults to require code signing. Developer mode lets you change that back to running local made scripts.

Otherwise there are also settings that allow locally created files but block downloaded powershell files using NTFS alternate data stream tags.

We have web browsers now. Why bother with local programs ? /s
Ah ah! We have governments, why bother with brains !?
Saw Powershell used recently for a Redline Stealer bootstrap. Someone made a game repack with "Advanced Installer" which is legit, but added a plugin DLL which lets them run PS with the same privileges. The installer was digitally signed and requested admin, since it was an installer of course.

The first thing the PS script did was to add Windows Defender exceptions to hide itself. And it worked beautifully. All the rest of the downloading, decrypting, and making the scheduled task to start Redline at user login succeeded.

The only tipoff was seeing Powershell.exe in task manager with a base64 encoded command line argument. Any sufficiently advanced system administration tool is also powerful enough for a worm. The whole experience reminds me a lot of those early worms in the 2000s.

Google specialises in googol-deprecation, Microsoft specialises in micro-deprecation.
Man, I owe my career to that absolute shit-house of a language...and PowerShell. Thanks for hours and hours and hours of "fun", VBscript! I have a great life now because of you!
One could argue PS has some shit-house qualities too. Some weird choices.
They should have commited Powershell to be fully Typed and put more energy in IDE to make it convenient to use as a script language. The "magic" make it confusing.
Agreed. Once you start to go "full PowerShell" (i.e. creating .NET objects entirely with PowerShell), you enter this weird middle-ground where you have the worst of a scripting language (weakly typed; interpreted at runtime; heavy; awkward to implement some algorithms) with the worst of an OOP-type language (dealing with objects, basically). At that point, you might as well break out VSCode and write some C# or something.
I didn't say it didn't lol
The first ever code I wrote was bad VBS malware as a 10 year old. RIP
ON ERROR RESUME NEXT !
The next best line of code after "Hello World" :)
When will Microsoft fix the root cause, and stop with this 'Attack Vector' BS.

A running application should not, by default, have access to everything on disk (and every program running on the PC too). You will never annihalate every attack vector, especially when the limiting factor is dumb users.

To me this news reads like everyone who is intimately familiar with VBScript is retiring from MS and they're trying to get ahead of their own inability to maintain it.