Results 1 to 6 of 6

Thread: first virus for 64-bit Windows

  1. #1

    first virus for 64-bit Windows

    A friend of mine just sent this link to me, I thought it was kind of interesting so I would share

    http://securityresponse.symantec.com...grat.3344.html

    here's a cut/paste if you don't want to click the link.

    W64.Rugrat.3344 is a direct-action infector (it exits memory after execution) of IA64 Windows Portable Executable (PE) files - this includes most Windows applications - excluding .dlls. It infects files that are in the same folder as the virus and in all subfolders. It is the first known virus for 64-bit Windows, and it uses the Thread Local Storage structures to execute the viral code. This is an unusual method of executing code. It does not infect 32-bit Portable Executable files, and it will not run on 32-bit Windows platforms. The virus is written in IA64 assembly code.


    Note: A true 64 bit machine is not required for this virus, as it can be run on a 32 bit machine using 64 bit simulation software.

    And so it begins.

  2. #2
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    geez that was awful fast. I wonder when the first virus for 64bit linux distros will happen.
    I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey

  3. #3
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    You know, I have high hopes for the x86 architecture as far as 64-bit procs, hardware, the PCI Express architecture, SATA drives, etc...

    RIGHT NOW is the only time MS has a fighting chance to rectify their mistakes with the inherited code issues of 95/98/Me/XP/2000/NT/etc and produce IMMEDIATE TRUE FIXES to the problems that will invariably arise. No time like the present. Find the botched code, fix it, issue immediate patches, everything...take care of business right now while you have a relatively "easy" number of problems to manage before it becomes a serious catastrophe. And for the love of all that's holy, DO NOT RELEASE ANYTHING UNTIL IT'S PROVEN THAT IT WON'T CREATE A BIGGER PROBLEM (read: UPNP exploit, hehe).

    Please, please, please get this fixed, MS...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    It's not a very complex virus, as it is not memory resident and only infects files in the current folder (and subfolders as you state). It can be compared to the school example of a COM infector, only this one infects 64-bit executables (a bit harder to code).
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  5. #5
    Senior Member
    Join Date
    Nov 2003
    Posts
    107
    It was recently /.'ed as well.

    http://slashdot.org/article.pl?sid=04/05/27/158244

    It's always interesting to see a new virus hit the scene. But, as has been said before, it's really nothing new or fancy, it's your general executable infector that's been tweaked to run on the 64-bit architecture. So, it's not quite 'proof of concept' it's more of a 'new application of an old concept'. Still interesting to look at it though.
    Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    217
    Thanks...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •