May 27th, 2004, 08:27 PM
first virus for 64-bit Windows
A friend of mine just sent this link to me, I thought it was kind of interesting so I would share
here's a cut/paste if you don't want to click the link.
W64.Rugrat.3344 is a direct-action infector (it exits memory after execution) of IA64 Windows Portable Executable (PE) files - this includes most Windows applications - excluding .dlls. It infects files that are in the same folder as the virus and in all subfolders. It is the first known virus for 64-bit Windows, and it uses the Thread Local Storage structures to execute the viral code. This is an unusual method of executing code. It does not infect 32-bit Portable Executable files, and it will not run on 32-bit Windows platforms. The virus is written in IA64 assembly code.
Note: A true 64 bit machine is not required for this virus, as it can be run on a 32 bit machine using 64 bit simulation software.
And so it begins.
May 27th, 2004, 08:42 PM
geez that was awful fast. I wonder when the first virus for 64bit linux distros will happen.
I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey
May 28th, 2004, 12:58 AM
You know, I have high hopes for the x86 architecture as far as 64-bit procs, hardware, the PCI Express architecture, SATA drives, etc...
RIGHT NOW is the only time MS has a fighting chance to rectify their mistakes with the inherited code issues of 95/98/Me/XP/2000/NT/etc and produce IMMEDIATE TRUE FIXES to the problems that will invariably arise. No time like the present. Find the botched code, fix it, issue immediate patches, everything...take care of business right now while you have a relatively "easy" number of problems to manage before it becomes a serious catastrophe. And for the love of all that's holy, DO NOT RELEASE ANYTHING UNTIL IT'S PROVEN THAT IT WON'T CREATE A BIGGER PROBLEM (read: UPNP exploit, hehe).
Please, please, please get this fixed, MS...
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
May 28th, 2004, 11:39 AM
It's not a very complex virus, as it is not memory resident and only infects files in the current folder (and subfolders as you state). It can be compared to the school example of a COM infector, only this one infects 64-bit executables (a bit harder to code).
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content
May 28th, 2004, 02:37 PM
It was recently /.'ed as well.
It's always interesting to see a new virus hit the scene. But, as has been said before, it's really nothing new or fancy, it's your general executable infector that's been tweaked to run on the 64-bit architecture. So, it's not quite 'proof of concept' it's more of a 'new application of an old concept'. Still interesting to look at it though.
Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.
May 28th, 2004, 03:46 PM