Slashdot Mirror
First IA64 Windows Virus Released
NinjaPablo writes "W64.RugRat.3344 has been released as a proof of concept virus. It is the first virus which will only run on Windows on the IA64 platform, and uses APIs from 3 native DLLs to avoid crashing applications. It infects files that are in the same folder as the virus and in all subfolders. The author of the virus has also written other concept virii in the past."
Here's to a long and fruitful future for Win64 viruses...
Now we hunt him down and execute him, right?
pb Reply or e-mail; don't vaguely moderate.
Argh.
To try to stall everyone's almost certain flamewars regarding the correct plural form of virus, let me propose a new word.
Virusesii.
There, now everyone can use it, okay?
IA64 Windows was the first. (Someone had to say it)
a hole in the "people write virii for it because it's the biggest target" argument for the proliferation of Windows virii?
That which does not kill her only prolongs my agony.
Yes! You're no longer limited to slowing your computer by simulating an architecture you don't have--you can run their viruses, too!
Then that 64 bit OS might actually get out the door sometime this decade.
Free Mac Mini Yeah, it's
I apologize for my horrid use of the word 'virii', and accept the standard and proper word, 'viruses'.
Must not have had enough coffee when I submitted that...
SmashTech - No smashing of tech involved
No, they are 4294967296 times better.
Hello, my name is Robert Lerner, and I pronounce Lernux as "99% cpu"
This looks pretty oldschool... no stupid RPC nonsense or VBScript, it's a virus that infects other programs, and is spread by copying infected executables around. Just like the old days with MS-DOS viruses passed around on BBS's.
Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.
The really cool thing is that it's written in IA64 assembly code. That sounds like quite an impressive feat. From what I hear that is far worse even than the PPC64 assembly code I usually write.
Linguistic evolution is an ongoing process which can 't be controlled by an "official" standard for a word. Virii is the next step in this evolution, like it or not. You should find a job with the Quebec language police...who enforce a variant of French that has many "incorrect" features in comparison to "real" French. Neither variants is less legitimate than the other, or Cajun French for that matter. I suppose Chaucer's English should still exist. It doesn't. Get over it.
I'm still waiting for the fabled Open Source Cross Platform Virus that can be deliever to all mail system. Sure it require the recipient to uncompress and compile the virus, but it can hit ALL platforms.
You're right, there's no such word as "virii." There are also no such words as "boxen," "*nix," "sysadmin," "interweb," and "teevee." "Awesome" means "awe-inspiring," "cool" refers to a temperature, "radical" is what we call a nutjob, and, to my knowledge, no one has ever gotten "jiggy" with anything. Purists would even say that using "google" as a verb is wrong. These are the same people who had a problem with "surfing" the "web."
It's called slang, and it's evolving and changing all the time. Were these people to use "virii" in an official capacity, such as in a company-wide memo, or an academic paper, there would be a problem. But this is Slashdot, for crying out loud. Get over yourself and have a little fun.
They are 4,294,967,296 times more powerful.
So by RIAA math logic, this means that the virus writers are really causing $429,496,729,600,000,000 worth of damage!
Of course I'm referring to total amount of Itanium users out there.
Sure. Next you'll tell me that the plural of box isn't boxen. It has to be. English is a totally consistent language and the plural of VAX is VAXen.
It is well known that the pluralizing of nouns in english is well defined:
ouse -> ice.
eg. house -> hice.
ata -> atabase.
eg. data -> database.
ink -> egnancy.
eg. drink -> pregnancy.
That one is a little tricky because it requires a change in the base word.
outer -> 0,000
cisco router -> $450,000
See previous example.
Just a thought.
Boxen is annoying too. It's fucking boxii.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
W64.Rugrat is a fairly simple proof-of-concept virus. However, it is the first known virus to attack 64-bit Windows executables on IA64 systems intentionally, and it does so successfully. The virus uses a handful of Win64 API-s from 3 different libraries, NTDLL.DLL, SFC_OS.DLL and KERNEL32 respectively.
From NTDLL.DLL the viruses uses the following 3 functions LdrGetDllHandle(), RtlAddVectoredExceptionHandler() and RtlRemoveVectoredExceptionHandler(). The virus supports vectored exception handling to avoid crashing during infections.
Yes, the virus uses three DLLs. It also uses a routine to avoid crashing itself while infecting the machine... it does not look like the virus cares about crashing other applications.
The thing to pay attention to here is that this is a fault tolerant virus. I have seen more and more effort lately (Sasser for example avoids shutdowns to help it propagate) from authors trying to make their creation survive.
To bad about the logo, but it can work on 32bits...
From the ArticleSo just get your 64 bit emulator running and you too can enjoy tomorrows viruses today!
To all those saying that a proof-of-concept virus is still a virus and that this guy is doing a disservice to the world by writing one, I'd like to give an alternate way of viewing it. Writing proof of concepts that aren't spread in the wild (like the other viruses mentioned in the second link) help anti-virus groups in advancing knowledge on current/new techniques that may not have been known about or considered in the past.
IANAVWOAVG, though (I Am Not A Virus Writer Or Anti-Virus Guy)
Um, no.
It's 'Boxi' -- second delclension plural as follows:
N: boxi
G: boxorum
D: boxis
Ac: boxum
Ab: boxis
Eunuch boxum Unix laudat.
("The eunuch praises Unix boxes.")
Something like that.