Slashdot Mirror
First IA64 Windows Virus Released
NinjaPablo writes "W64.RugRat.3344 has been released as a proof of concept virus. It is the first virus which will only run on Windows on the IA64 platform, and uses APIs from 3 native DLLs to avoid crashing applications. It infects files that are in the same folder as the virus and in all subfolders. The author of the virus has also written other concept virii in the past."
If he's already infected with his own virus, you probably can't execute him. You'll just get a BSOD..
Hopefully he made a backup of himself recently.
This looks pretty oldschool... no stupid RPC nonsense or VBScript, it's a virus that infects other programs, and is spread by copying infected executables around. Just like the old days with MS-DOS viruses passed around on BBS's.
Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.
The really cool thing is that it's written in IA64 assembly code. That sounds like quite an impressive feat. From what I hear that is far worse even than the PPC64 assembly code I usually write.
In order for this to be a breach of the DCMA, he would have had to break a digital security measure.
Seeing as this is Windows, it was less of a security measure and more of an invitation.
Sigs? We don't need no stinking sigs!
Linguistic evolution is an ongoing process which can 't be controlled by an "official" standard for a word. Virii is the next step in this evolution, like it or not. You should find a job with the Quebec language police...who enforce a variant of French that has many "incorrect" features in comparison to "real" French. Neither variants is less legitimate than the other, or Cajun French for that matter. I suppose Chaucer's English should still exist. It doesn't. Get over it.
"l33+5p34k" is not acceptable and should not carry over into the official language just because a bunch of basement dwelling morons think so.
You're right, there's no such word as "virii." There are also no such words as "boxen," "*nix," "sysadmin," "interweb," and "teevee." "Awesome" means "awe-inspiring," "cool" refers to a temperature, "radical" is what we call a nutjob, and, to my knowledge, no one has ever gotten "jiggy" with anything. Purists would even say that using "google" as a verb is wrong. These are the same people who had a problem with "surfing" the "web."
It's called slang, and it's evolving and changing all the time. Were these people to use "virii" in an official capacity, such as in a company-wide memo, or an academic paper, there would be a problem. But this is Slashdot, for crying out loud. Get over yourself and have a little fun.
So what? Boxen is not the plural of box and Unices is not the plural of Unix. But this is part of hacker culture. They are jokes. You don't have to laugh, but it's not incorrect to make jokes either.
Please correct me if I got my facts wrong.
this isn't an evoltion of the language. It doesn't follow any proper forms and needs to be stopped.
For a website that is full of "geeks" you sure do pride yourselves in talking like a bunch of undeducated morons.
W64.Rugrat is a fairly simple proof-of-concept virus. However, it is the first known virus to attack 64-bit Windows executables on IA64 systems intentionally, and it does so successfully. The virus uses a handful of Win64 API-s from 3 different libraries, NTDLL.DLL, SFC_OS.DLL and KERNEL32 respectively.
From NTDLL.DLL the viruses uses the following 3 functions LdrGetDllHandle(), RtlAddVectoredExceptionHandler() and RtlRemoveVectoredExceptionHandler(). The virus supports vectored exception handling to avoid crashing during infections.
Yes, the virus uses three DLLs. It also uses a routine to avoid crashing itself while infecting the machine... it does not look like the virus cares about crashing other applications.
The thing to pay attention to here is that this is a fault tolerant virus. I have seen more and more effort lately (Sasser for example avoids shutdowns to help it propagate) from authors trying to make their creation survive.
And why is it a shock that a virus can be written for either?
When palladium comes out and someone writes a virus that can escape it's sandbox, infect executables (which I'd imagine would involve resigning them) and spread, I'll be impressed.
I don't need no instructions to know how to rock!!!!
And whenever I see a
What about spending your time convincing people of more important issues like [insert anything else here]?
But when linguistic evolution is driven by clueless people trying to show how "smart" they are ("Oh, look, I can make this word plural in a way that makes me look like I studied Latin"), then it should be smashed flat with a large-type edition of the Oxford English Dictionary. People invent words, sometimes because there's a true need for a new word, and sometimes because they're ignorant of the correct word. People who invent out of ignorance should be shunned. And the virii they rode in on...
"Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched."
someone must have mistyped that from this...
"Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if a certain browser's vulnerabilities are not patched.
Just like hacker doesn't (only) mean hacker anymore but (also) means cracker. So stop the moaning about it, that's how language works, as the parent explained.
Socially inept nerds making up (what they think to be) cool-sounding plural forms does not count as a valid step in the evolution of the English language. The plural for "virus" existed long before computers did, and there is absolutely no reason to change it when it refers to a computer virus. You can use the word "virii" if you want, but don't be surprised when people think that you're a fucking retard for doing so.
Okay, just to collect all of the Microsoft trolls in one thread:
How can Windows ever be secure when exploits are released before the OS is available?!
It seems to me that Microsoft can't design a secure OS. After talking about security for more than 2 years, their latest incarnation is even less secure on its release date than Windows 95!
Microsoft: the Day Zero Exploit(tm) company
The society for a thought-free internet welcomes you.
People seem to be missing a major point here. This file doesn't do anything fancy, it just reads files and 'infects them'. There are no indications that this 'virus' is bypassing any kind of system security.
From the article:
"The SfcIsFileProtected() function of SFC_OS.DLL is used to avoid infecting executables that are protected by SFC (the System File Checker)."
Any sensible XP64 installation would not allow system files to be write accessible to anyone but the Administrator.
It's as if I wrote a c program that used fopen() and write() to destroy files, then declared I wrote a virus for linux. Whoo hoo.
Moderators: with your help, we can wipe out "virii" in our lifetime!
Nope, you can't wipe out the word "virii". It just keeps spreading. As soon as one guy uses it around his two friends, it spreads to them. Then they each use the word around two other friends, who catch it. At this point it stops for a while, since those seven geeks don't have any other friends. But then one of them posts it online, and it spreads to hundreds of others.
Despite your efforts to stop it, the word "virii" will continue to spread to more and more people, like some sort of computer "worm".
Actually language is simply what people use to communicate verbally and writen and is defined by said usage.
What determines what is a word is NOT some definition of correctness. Useage is what defines the language. So if enough people were to use virii as the plural of virus it would be so.
This is pretty much a summation of the statement a language expert and senior editor of a well known, dictionary (who's name escapes me), said during an NPR interview a few months ago.
I'm shure if you looked around you could find pleny of examples of words that started out as manipulations by a subset of the population that gained popularity and are now considered regular english.
'Hacker', for example, is one such word twice over at least. It started as a reference to people who used hand axes to make furniture.
now look where that word is used.
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
no dowt you can figur aut what this sentance is ment to meen two but that doesnt meen its not ridled with tyops. It's irritating to have to translate someone's text into English before I can read it (more accurately as I read it). If you want to communicate you should make every reasonable effort to achieve correctness of language. If you want to argue the descriptive-vs-prescriptive nature of dictionaries then feel free to substitute the word 'consistency' for 'correctness'. That is consistency with others, not self-consistency. 'Virii' has nowhere near enough support to be considered a meaningful word.
Using a word to annoy people is not a pleasant behaviour whether or not you agree with them on this one issue.
More descriptive? At best 'virii' carries the same meaning as 'viruses'. At worst it carries no meaning. 'Viruses' follows standard English rules of pluralisation - again, if you object to prescriptive language feel free to substitute the word 'conventions' for 'rules' - so that anyone who knows the word 'virus' can discern its meaning. 'Virii' follows no standard rule, not even the imaginary Latin rule that spawned it.
Of course it does, because that version ('viri', not 'virii') at least sounds like it could be a real word like in the common Latin '-us' becomes '-i' rule (note that this isn't a general rule for Latin words; see elsewhere for where this perception comes from).
Why is anything anything?
I was merely trying to make the point that there is no secure OS's if you consider a single exploit sufficient to disqualify it as you were.
I'm not going to attempt to refute all of your arguments (and perhaps I can't anyway), but I think your analysis lacks a bit of perspective as well.
For example, IBM's mainframes for most of their existence were not connected to anything outside of IBM so if there were buffer overruns etc, they could not be exploited. Even today, it's likely that most mainframes are not directly connected to the Internet but are on a private net within an organization. In addition, knowledge of the architecture of a mainframe is more obscure and thus it takes more effort to exploit any holes. Finally, the administration of mainframes is performed more carefully then the average Windows box (or Linux box, for that matter).
The bottom line is that you can't just talk about relative numbers of exploits, you have to take the entire environment and history into account to determine relative security or quality.
Surely if MS had been willing to throw away backward compatibilty and make Windows as hard to administer and use as Unix they could have created an OS that was at least as secure as Unix (It's not rocket science after all.) The reason they didn't was that that's not what their customers wanted and they would have lost a lot of their business if they had.
Now their customers are becoming more interested in security over ease of use and they have been making changes in that direction.