Slashdot Mirror


64-Bit Rugrat Virus Emerges

weekendwarrior1980 writes "The first computer virus to target 64-bit Windows systems has been detected by security authorities. Dubbed "W64.Rugrat.3344," the virus is a fairly benign, proof-of-concept infection agent, according to a report issued on the Symantec Web site. This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code." Update: 05/29 19:26 GMT by T : Yes, this is the same "non-event" virus already mentioned.

6 of 162 comments

  1. This was covered two days ago. by Geoffreyerffoeg · · Score: 2, Interesting

    Dupe.

    Don't the editors themselves read Slashdot...hm, I can see why not. Vicious circle. The more dupes posted, the less they're inclined to read articles, and the more dupes they approve.

  2. What's interesting... by Lars Clausen · · Score: 5, Interesting

    We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing viruses for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

    -Lars

  3. There is a lesson here by hedley · · Score: 2, Interesting

    As I have said before, a server with a morphable ISA can be really valuable. This new infection only works on i64. Now imagine a writable control store i32 where you can change the decoder/isa cracker. A linux disti with toolchain built from a random #. The random # permutes the ISA and updates the WCS. A new binutils is built and kernel built from that. It will only run on that #'d ISA. Any worm arriving on the wire will die since its i32 decodings have no meaning in this context.

    Hedley

  4. Totally Oldschool by Anonymous Coward · · Score: 1, Interesting

    This looks pretty oldschool... no stupid RPC nonsense or VBScript, it's a virus that infects other programs, and is spread by copying infected executables around. Just like the old days with MS-DOS viruses passed around on BBS's.

    Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.

    The really cool thing is that it's written in IA64 assembly code. That sounds like quite an impressive feat. From what I hear that is far worse even than the PPC64 assembly code I usually write.

  5. Flame all you want by The Meshback · · Score: 2, Interesting

    Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted every day? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be researched?

    Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view on it. I can hardly believe that you have never made a mistake in your life. You've never typed a wrong character when you were coding? You've never wrongly diagnosed a PC problem? The /. editors are doing us a service of showing articles that they think WE will find interesting. If you have such a hard time with an occasional human failure, go look for another site that's as good. I can assure you you will not find it.

  6. Re:Missing the linux lockdown by Torne · · Score: 2, Interesting

    Unfortunately, noexec is trivial to bypass, just run: /lib/ld-linux.so.2 /home/me/my-evil-binary

    Sorry =)