Slashdot Mirror

← Back to Stories (view on slashdot.org)

First IA64 Windows Virus Released

Posted by CmdrTaco on from the that-didn't-take-long dept.

NinjaPablo writes "W64.RugRat.3344 has been released as a proof of concept virus. It is the first virus which will only run on Windows on the IA64 platform, and uses APIs from 3 native DLLs to avoid crashing applications. It infects files that are in the same folder as the virus and in all subfolders. The author of the virus has also written other concept virii in the past."

13 of 479 comments (clear)

  1. There's no such word as "virii" by Anonymous Coward · · Score: 0, Informative
    I'm on a crusade. I intend to post a comment like this one whenever I see anybody use "virii." Please don't interpret this comment as either endorsement of or disagreement with the parent post. Moderators: with your help, we can wipe out "virii" in our lifetime!

    The plural of "virus" isn't "virii." There is no such word. The plural of "virus" is "viruses."

    Here's a good explanation from cdknow.com, quoted here in its entirety because the people who most need to read this won't click on a link.

    The correct English plural of virus is viruses. Please consult any good dictionary before making up words.

    For the purists, in Latin, there is a rarely-used plural form:

    virus, viri (neuter)

    (Forms: almost always restricted to nominative and accusative singular; generally singular in Lucretius, ablative singular in Lucretius)

    The point of this is that even in Latin the form "viri" is rarely used. The singular form is used in most every instance. (This is from the Oxford Latin Dictionary.)

    So, when considering the Latin: "virii" is incorrect and "viri" was almost never used.

    Despite the fact there was little use for the plural form, there is another reason why "viri" was rarely used. The most common Latin word for "man" is "vir" with "viri" being its plural in the form used as the subject of a sentence. Thus, since "men" as the subject of a sentence would be used far more often than "venoms" (virus means venom) the "viri" word was most commonly seen as the plural of "man."

    Bottom line: Don't try to make up words using a false Latin plural form. Since the word virus in its English form is now used then the English plural (viruses) should be used.

    More plural-of-virus resources:

    perl.com, the canonical and exhaustive source
    Jonathan de Boyne Pollard's Frequently Given Answer
    Merriam-Webster's "Word for the Wise," January 20, 2000.

    1. Re:There's no such word as "virii" by TheRealMindChild · · Score: 3, Informative
      Well, we can prove this a simple way... here

      virus ( P ) Pronunciation Key (vrs) n. pl. viruses 1. 1. Any of various simple submicroscopic parasites of plants, animals, and bacteria that often cause disease and that consist essentially of a core of RNA or DNA surrounded by a protein coat. Unable to replicate without a host cell, viruses are typically not considered living organisms. 2. A disease caused by a virus. 2. Something that poisons one's soul or mind: the pernicious virus of racism. 3. Computer Science. A computer virus.
      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    2. Re:There's no such word as "virii" by Milton+Waddams · · Score: 2, Informative

      if you knew absolutely anything about language, you'd know that there is no wrong or right, just understandable or not understandable.

      just because a word is not in a dictionary, it doesn't mean that it doesn't exist. if your view of language was right then language wouldn't have existed before dictionaries were invented and new words would never be formed.

      i'm on a little crusade of my own to stomp out pedantic assholes like you who feel the need to dictate to everyone else how they should use language.

      this comment isn't informative, it's moronic.

  2. This isn't a big deal by Anonymous Coward · · Score: 3, Informative

    Read the details, there's nothing special to see here. This isn't a worm, it doesn't gain root/admin access and it doesn't exploit any vunerabilities of the platform. It requires "direct execution" (i.e. the user has to run it manually). It's just a good old fashioned virus that inserts code into an exe. The proof of concept is that Windows leaves exes writable by default. You can prevent it by not making your application folders writable from userland, which is what any good admin should be doing anyway.

    "The file infection routine is standard. The last section of the executable is marked as executable, the virus body is inserted into the
    last section and a random number of bytes are appended to the end of the virus body."

  3. Re:Does that mean by dan_sdot · · Score: 2, Informative
    that 64 bit viruses are twice as powerful as 32-bit ones?

    ???
    Twice as fast?
    (2^32)*2 = 2^64

    Not really.

  4. Roy g biv is the author of the virus by Anonymous Coward · · Score: 4, Informative

    roy g biv is the author of the worm, and is a member of the 29A VX group. The group has been responsible for Donut (first .NET virus), Winux (the first virus to infect both Linux ELF binaries and Windows executables), as well as a few others of notoriety.

    29A is probably the most elite malware group out there.

  5. Re:Does that mean by Paladine97 · · Score: 1, Informative

    Did you flunk math?

    (2^32)*2 = 2^33

  6. no. It's perfectly reasonable. by Anonymous Coward · · Score: 1, Informative

    Not sure why that poster tried to act like PPC64 is a difficult variant. It's easier than many others. Very straightforward.

    I think he was just showing off his Intarweb c0ck.

    IA64 is a nightmare. Instruction bundles, etc.

  7. Proof of concept viruses not terrible by crawdaddy · · Score: 5, Informative

    To all those saying that a proof-of-concept virus is still a virus and that this guy is doing a disservice to the world by writing one, I'd like to give an alternate way of viewing it. Writing proof of concepts that aren't spread in the wild (like the other viruses mentioned in the second link) help anti-virus groups in advancing knowledge on current/new techniques that may not have been known about or considered in the past.

    IANAVWOAVG, though (I Am Not A Virus Writer Or Anti-Virus Guy)

  8. Re:Boxen by nytmare · · Score: 2, Informative

    Not really true -- "boxen" is more obviously a joke / play on words, whereas writing "virii" just makes you look ignorant. "Virii" is written like "radii" but while "radius" is a real word, "virius" is not.

  9. Re:What are the legal implications? by prat393 · · Score: 4, Informative

    Umm... the DMCA doesn't really have anything to do with this; no copy-protection procedures have been circumvented, so no copyright violations have occurred here. In point of fact, the virus author hasn't broken any laws by writing and releasing this virus, assuming he hasn't been using it to damage any systems out there (besides his own).

    Of course, if he actually were to try and damage someone's box with this virus he might have a hard time of it, since all it does is spread itself throughout the system... you get a minor to major slowdown and increase in file sizes, which can cause other things to break, but it's not very likely.

  10. Re:Wow, on the ball. Maybe MS should hire these gu by prat393 · · Score: 2, Informative

    Actually, 64-bit Windows XP is already out there and available for purchase, but only for the IA64 architecture (itanium) - support for AMD's 64 bit chips is still in beta (although relatively stable, from what I hear).

  11. Re:Does that mean by Dman33 · · Score: 2, Informative

    Did you flunk reading comp?

    And what moronic mods rated this Informative????