Jack the ripper
Baseband Member
- Messages
- 47
First 64-bit virus found
The first virus to target 64-bit computers has been found in the wild.Named W64.Rugrat.3344 by Symantec, the new virus can also run on 32-bit computers that are using 64-bit emulators, but not on 32-bit code.The limited numbers of 64-bit computers and the relative simplicity of the virus mean it is not much of a threat, but it does use some interesting new methods of transmission.Symantec has reported fewer than 50 Rugrat cases and it is thought to no longer be spreading."Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response, in a statement."At this time, we are not expecting widespread copycats since assembly code requires advanced technical knowledge. W64.Rugrat.3344 is a fairly simple proof-of-concept virus."Written in Intel Architecture 64 assembly code, the virus spreads via Windows Portable Executable files that are used by most Windows 64 applications, except .dlls.Once established it spreads to files in the same folder and then into subfolders.The new virus is described as a 'direct-action infector' because it runs, spreads to a new file, and then the originating code shuts down.The same techniques have been used in six similarly low-risk proof-of-concept viruses aimed at 32-bit systems, known as the W32.Chiton.gen family."Direct-action infectors are seldom seen in the wild as they don't spread very fast," said David Emm, senior technical consultant at Kaspersky Labs."This is someone turning out a proof using an original, simple virus that has been designed to spread and then cause no further harm, although a payload could be added. It will be interesting to see if there are any copycat follow-ups."Microsoft and Intel were unavailable for comment at time of going to press.
The first virus to target 64-bit computers has been found in the wild.Named W64.Rugrat.3344 by Symantec, the new virus can also run on 32-bit computers that are using 64-bit emulators, but not on 32-bit code.The limited numbers of 64-bit computers and the relative simplicity of the virus mean it is not much of a threat, but it does use some interesting new methods of transmission.Symantec has reported fewer than 50 Rugrat cases and it is thought to no longer be spreading."Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response, in a statement."At this time, we are not expecting widespread copycats since assembly code requires advanced technical knowledge. W64.Rugrat.3344 is a fairly simple proof-of-concept virus."Written in Intel Architecture 64 assembly code, the virus spreads via Windows Portable Executable files that are used by most Windows 64 applications, except .dlls.Once established it spreads to files in the same folder and then into subfolders.The new virus is described as a 'direct-action infector' because it runs, spreads to a new file, and then the originating code shuts down.The same techniques have been used in six similarly low-risk proof-of-concept viruses aimed at 32-bit systems, known as the W32.Chiton.gen family."Direct-action infectors are seldom seen in the wild as they don't spread very fast," said David Emm, senior technical consultant at Kaspersky Labs."This is someone turning out a proof using an original, simple virus that has been designed to spread and then cause no further harm, although a payload could be added. It will be interesting to see if there are any copycat follow-ups."Microsoft and Intel were unavailable for comment at time of going to press.