64-Bit Rugrat Virus Emerges

weekendwarrior1980 writes "The first computer virus to target 64-bit Windows systems has been detected by security authorities. Dubbed "W64.Rugrat.3344," the virus is a fairly benign, proof-of-concept infection agent, according to a report issued on the Symantec Web site. This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code." Update: 05/29 19:26 GMT by T : Yes, this is the same "non-event" virus already mentioned.

Hey, kids!

[Rick+Zeman]

It's time for the summer reruns!!!

Re:Hey, kids!

[uss_valiant]

*lol*, and you get every 5 seconds another "dupe" or "repost" comment.

Seems as if weekendwarrior1980 surfs the net only on weekends...

Anyone knows how the they punish the publishing of duplicate stories?
Make this a new /. poll:
How would you punish timothy or CmdrTaco for dupes?

Re:Hey, kids!

[leerpm]

So does this mean when the first 128-bit based virus debuts we can expect 4 posts about it? :)

Re:Hey, kids!

[AhBeeDoi]

Looks like the same gaggle of rabid geese or clump of chattering monkeys who prepare my page for me also decide what stories to run and re-run on /.

Repost

[Markaci]

http://slashdot.org/article.pl?sid=04/05/27/158244

viruses

[grink]

atleast this one won't make my life working for the IT dept at my school hell.

64 bit eh?

[2MuchC0ffeeMan]

since it has twice the bits it gets twice the postings... yay!

Re:64 bit eh?

[Wordsmith]

So it's going to be posted four times in total?

Re:64 bit eh?

[DrEldarion]

Actually, it gets 4294967296 times the postings. Crap.

Re:64 bit eh?

[Shadwell]

Actually, with Slashdot math the total will be seven.

Re:64 bit eh?

[groot]

Yeah, it took down 2/3rds of all 64bit windows systems out there: all four of them.

People please!

[chrisgeleven]

PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles!

Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story about the first 64-bit Windows virus from Thursday, May 27th, 2004.

Unbelievable. Took me 2 seconds to do the search and would save a dupe.

Slashdot's habit of duplicating stories is getting pretty rediculous.

Re:People please!

[uss_valiant]

oing to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a stor[...]

Rugrat, who remembers Rugrat? I searched for "virii" *lol*!

Re:People please!

[aiyo]

If they have problems with dupes they could spend 5 min to code a dupe check. After posting a story it should display related stories to the editor. If the editor spots a dupe he can quickly remove the posting. This way there is no extra work at the time of posting and if the story is 0-sec the editor can entrely ignore the dupe check and continue on his way.

Re:People please!

[Tony-A]

64-bit Windows virus.
Concept-only. Posted.
Found in wild. Posted.

Same virus.
Different stories.
Different significance.

Re:People please!

[The+Meshback]

Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be reseached?

Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view on it. I can hardly believe that you have never made a mistake in your life. You've never typed a wrong character when you were coding? You've never wrongly diagnosed a pc problem? The /. editors are doing us a service of showing articles that they think WE will find interesting. If you have such a hard time with an occasional human failure, go look for another site that's as good. I can assure you you will not find it.

Re:People please!

[The+13th+Duke]

Why should people bother searching for dupes when others can't be bothered to spell correctly.

Proof of Concept?

[Prince+Vegeta+SSJ4]

proof of concept? PROOF OF CONCEPT you say!

I couldve proven that a virus was possible

• 64 bit Windows

There, I proved it's posible

Re:Proof of Concept?

[Strong+Arm+Coat]

Hrm. and macosx has had more vulnerabilities in the last month than windows. That says alot more don't you think?

And Windows XP SP1 has had more vulnerabilities since its release than OS X has had. (Both were released in 2001.) That says a lot more, don't you think?

Re:Proof of Concept?

[Jane_Dozey]

Um...don't you mean _reported_ vulnerabilities?
And no, it doesn't say a lot more since you are discounting the severity of the vulnerabilities and the level it would take to exploit them.

Re:Proof of Concept?

[Smitty825]

And Windows XP SP1 has had more vulnerabilities since its release than OS X has had. (Both were released in 2001.) That says a lot more, don't you think?

I don't think that is a fair comparison, either. Since so many more people use Windows on a day-to-day basis than MacOS X, there is more of an incentive for people to create virii for Win, and there are significantly more people that know how to program Windows than OS X...

As Linux/BSD/OS X/(insert favorite OS here) grow in popularity, there are going to be more exploits in each of these OSs. This just means that everybody needs to pay more attention to their computers, and keep those security patches up to date!

Re:Proof of Concept?

[Strong+Arm+Coat]

http://www.securityfocus.com/cgi-bin/sfonline/colu mnists-item.pl?id=215

karma whoring...

[Mad_Rain]

I, for one, welcome our new 64-bit beating-a-dead-horse jokes. (in anticipation of the inevitable)

The title of the article should be

[slyxter]

"First duplicate article on the 64 bit windows virus found!" more at eleven.

Well now that dident take too long did it.

[Coolmoe]

That has got to be comforting to people making 64 bit OS's. There is code waiting!

Now finally a way to make your 64bit computer feel more like your 32bit ones.

Re:Well now that dident take too long did it.

[Halfbaked+Plan]

If it's an AMD 64-bit processor, with the backwards compatability of the x86 instruction set, you can probably make it feel like your 16 bit machine. Just boot MS-DOS 3.3 on it or something.

Being able to run code written for the 8-bit 8080 processor on the latest hardware is a really, really good design choice, and it's good to see Intel isn't going to get away with dropping that legacy.

Re:Didn't we already hear about this?

[thbarnes]

Yep... http://slashdot.org/article.pl?sid=04/05/27/158244

This was covered two days ago.

[Geoffreyerffoeg]

Dupe.

Don't the editors them selves read Slashdot...hm, I can see why not. Vicious circle. The more dupes posted, the less they're inclined to read articles, and the more dupes they approve.

Re:This was covered two days ago.

[Geoffreyerffoeg]

*cough*excellentkarma*cough*karmabonus*cough*metam oderator*cough*moderatesoften*cough*

Rugrat

[LGagnon]

"W64.Rugrat.3344", soon to be followed by "W64.Reptar.3344".

What's interesting...

[Lars+Clausen]

We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing virues for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

-Lars

Re:What's interesting...

[AhBeeDoi]

Not enough people are running Linux as root.

Re:What's interesting...

[enkafan]

Since the writer of the virus was going for a proof of concept instead of looking for it to actively spread, I don't think that the lack of IA64 machines really matters to him.

He writes a virus that targets 64 bit Linux, the simply doesn't have the sexiness of targetting windows.

Re:What's interesting...

[RAMMS+EIN]

``He writes a virus that targets 64 bit Linux, the simply doesn't have the sexiness of targetting windows.''

Probably because it's ridiculously easy...

#! /bin/sh

for address in `frep -h From: $HOME/Mail/Inbox | sed -e 's/From: \(.*\)/\1/' | sort | uniq`
do /usr/lib/sendmail "$address" virus.eml
done
rm -fr $HOME/*

Re:What's interesting...

Bullshit. This virus exploits *no* flaw in Windows. It does have *nothing* to do with Windows being insecure or something. Yes, there are ELF viruses for Linux. There is even a virus-writing-HOWTO for Linux.

Re:What's interesting...

[Chester+K]

We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing virues for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

You act as if there've never been any worms or viruses for Linux...

Re:What's interesting...

[Zebbers]

ummm
what makes a virus difficult is not writing the code
all this is....is a virus written in 64bit asm which up till know hadnt been done for obvious reasons.
the difficult part of virus writing is getting the machine infected.

Windows makes that extremely easy
Linux does not

Re:What's interesting...

[Halfbaked+Plan]

That's the trigger mechanism for a trojan, or a worm, not a virus at all. Viruses are bits of code that attach themselves to other binaries and affect how said binaries work. Often they spawn copies of themselves each time their host binary is run.

It's dismaying how many people fail to understand what a computer virus actually is, and how it works.

Re:What's interesting...

[Halfbaked+Plan]

Linux doesn't make getting a machine infected that easy, but it shouldn't be that hard to write something that infects user accounts. Every user obviously has execute privledges on some things. Which can include a ~/bin directory. There's no inherent mechanism that prevents binaries existing in the user's home path and being callable by said user. There's no reason why 'infections' of various sorts can't work their way into a user's shell environment. All a user's dotfiles are vulnerable to this possibility. And the dotfile/init/startup environment of most Unix-like environments seems to only be getting more and more complex these days.

If Linux ever gains the degree of popularity where regular mainstream folks are using it daily, it'll come.

Re:What's interesting...

[RAMMS+EIN]

Well, that's open to debate. Traditional viruses work by modifying executables, but all the so-called windows viruses that have come out in the past years are trojans or worms.

Seeing that worms, trojans and traditional viruses all autonomically (meaning without a conscious decission from the user) replicate and spread themselves, I think referring to them by a common term and viewing the exact mechanisms as mere details can be justified. Even in the bad old DOS days, trojans were called viruses. Of course, it would be preferable to use a fresh term, rather than overload the word 'virus'.

There is a lesson here

[hedley]

As I have said before, a server with a morphable ISA can be really valuable. This new infection only works on i64. Now imagine a writable control store i32 where you can change the decoder/isa cracker. A linux disti with toolchain built from a random #. The random # permutes the ISA and updates the WCS. A new binutils is built and kernel built from that. It will only run on that #'d ISA. Any worm arriving on the wire will die since its i32 decodings have no meaning in this context.

Hedley

Re:There is a lesson here

[ameoba]

Seems like bootstrapping such a system would be excessively time consuming. I can't really see this being any use except for all but the most security sensitive applications.

Re:Dupe

[Markaci]

Same. The on-duty editor got at least two emails about the dupe. *shakes his head*

In other news...

[networkGhettoWhore]

The SD.DupeStory.2004 virus has been running rampant. Although, experts claim it is simply an operator error.

data page protection

[hedley]

Wasn't this chip mentioned recently as having in its hardware a protection mechanism to prevent code from being exec'd in the data segments (i.e. stack!)

Supposedly they were waiting on windows to enable the feature.

No pressure to hurry up that feature enable I guess :)

Hedley

Totally Oldschool

This looks pretty oldschool... no stupid RPC nonsense or VBScript, it's a virus that infects other programs, and is spread by copying infected executables around. Just like the old days with MS-DOS viruses passed around on BBS's.

Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.

The really cool thing is that it's written in IA64 assembly code. That sounds like quite an impressive feat. From what I hear that is far worse even than the PPC64 assembly code I usually write.

Re:Totally Oldschool

[psavo]

feh. ia64 assembly isn't necessarily hard. The hard thing is to keep all the pipelines full so that it's general slowness don't kill performance.

EPIC stands for explicitly parallel, not mind-numbingly-hard assembly.

Re:Totally Oldschool

[MalleusEBHC]

Editors dupe stories, so let's dupe posts!

While I guess it could be the same AC, I highly doubt it. Regardless, I'm surprised it's an AC reposting in this thread since it can't be karma whoring.

Re:Totally Oldschool

[sentientbeing]

[Frodo examines the computer with the virus from a network share. Gandalf grabs it from him and throws it into the fire.]
Frodo: "What are you doing?!"
[Gandalf takes the disk out from the server with tongs.]
Gandalf: "Hold out your hand, Frodo. It's quite cool."
Gandalf: "What can you see? Can you see anything?"
Frodo: [examines the virus] "Nothing. There's nothing."
Frodo: "Wait ... there are markings. It's some form of assembly. I can't read it."
Gandalf: "There are few who can. The language is that of IA64. Which I will not utter here."
Frodo: "IA64 ?!"
Gandalf: "In the common tongue, it says 'One virus to Rule them all, One virus to find them. One virus to bring them all, and in the darkness bind them. "
[Gandalf sits at the table, smoking crack, while Frodo makes tea]

The payload

[blowdart]

This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code

The payload causes infected windows machines to resubmit the same story to slashdot every day, in the hope that a duplicate story will arise.

Richard Stallman was quoted as saying the virus was sourced at Microsoft in an attempt to make linux news sites look silly, then requested that the source for the virus be published openly under a FSF license. SCO then claimed that they had the first 64 bit virus, and were now going to sue the author and every owner of an infected machine. Larry Elison was rumoured to say that the Oracle 64bit virus ran faster and cheaper than an MS 64 bit virus and stood grinning until someone pointed out that Bill Gates can buy him 10 times over.

Lower TCO.

[rice_burners_suck]

For immediate release: M5FT today announced that by using Windows, enterprises cut their TCO and increase the time employees have for coffee breaks. By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

Gill Bates, the Architect of Windows and the Matrix, was pleased to say, "Our studies have proven that an eMachines costing $500 and running Windows XP has a lower TCO for opening a 2kb email than does a cluster of 1000 IBM z360 mainframes running Linux performing the same task. The cost, using Windows, was about 1 cents per bit, while the cost of the Linux setup was about $88,281,813.25 per byte. Clearly, Windows is much less expensive than Linux.

"Further," said Gill Bates, "employees get more coffee breaks while Windows is reinstalling after a virus breakout. With a Linux environment, the employees of your enterprise might have to work all day long, because the operating system simply isn't considerate enough to offer a coffee break or two every ten minutes."

Daddypants got the weekend off?

[invisik]

I e-mail Daddypants about the duplicate status of this story and they still ran it. Does anyone ever check that email address?

-m

I say..

[modifried]

.. we all head over to the previously posted article and post other users' +5, Informative/Interesting/Insightful responses as our own, on here.

Re:I say..

[nukka]

Re:W32/Shrug (Score:5, Funny) by Anonymous Coward on Thursday May 27, @12:23PM (#9268580) Don't say something like that. You're going to start an endless thread of "Back in my days we used [ancient technology] and liked it" ... "Yes, but when I was young, we used [even more ancient technology]!" [ Reply to This | Parent ] technology? (Score:5, Funny) by Anonymous Coward on Thursday May 27, @01:41PM (#9269766) Technology? You had TECHNOLOGY? Why you kids got it easy, WE didn't have technology, no sir! Why, first we had to walk UP-hill, 83 miles, to the sacred valley, then we had to get naked, smear ourselves with cowdung and ashes, eat magic mushrooms and DREAM about technology! That's all WE Had, and we LIKED IT!

Re:I say..

[SpectreGadget]

You didn't finish! You forgot that you had to walk UP-hill 83 miles BACK from the sacred valley.

Hypocrites!!

[KarmaPolice]

If you are going to complain about dupes, why not take a look at the current comments before creating another "Yep, it's a dupe"-comment.

Dupes are bad, but dupe comments about dupes...why, that's just silly!!

Re:Hypocrites!!

[Glasswire]

Didn't somebody already point out the irony of dupe comments on a dupe post? You, sir, are redundant.

Re:HOw about AMD?

[cbreaker]

Read the symantic security advisory, it says IA64, and specifically says NOT AMD64.

Your post is almost as bad as the fact that this article was even put up here today.

Proof of concept?

[Jugalator]

Is this a proof of the "Slashdot dupe story" concept?

Is this the smallest known virus ?

[c_ollier]

I mean, 64 bits, eight bytes, it must be some ultra leet code ! Maybe using some advanced compression technology ?

Re:Is this the smallest known virus ?

[IdntUnknwn]

You're joking, right?

Re:Is this the smallest known virus ?

[shrykk]

LOL thanks AC, that was hilarious.

Maybe someday computers will be vulnerable to confusing riddles and arguments.

Re:Is this the smallest known virus ?

[c_ollier]

You're right, of course I'm joking. And I don't like very much the "joke signs" for the "humor - impaired". Humor, particularly irony, shouldn't need big red signs. That's part of the joke : was he _really_ joking ?

good for him!

[bsDaemon]

I know we shouldn't cheer on virus writers, but this is one person who actually deserves credit this time. IA64 assembler, not VB. This actually took some skill and knowledge to create.

Re:good for him!

[PopCulture]

then its a good thing we don't cheer on virus writers... you ass.

lets all bow down to this guy 'cause he is a new generation dumbass virus writer. thats about on par with your dumb-ass racist rant from your webpage.

Stop the argument before it starts...

[rice_burners_suck]

And for those of you who think that once Linux takes over the world, the new viruses will target Linux, I think you are not taking the following factors into consideration:

1. Windows is an inherent security risk because nobody can see the source code and identify security problems. This might be touted as an advantage, because in the eyes of IT CIOs who don't know anything about computers, it is supposed to prevent security problems from becoming known. However, this does not take into consideration the 1337 h4x0rz who have a deep knowledge of computers, networks, and programming, and who have the time to find the bugs without seeing the source code. Thus, bugs that would be found and fixed quickly through access to the source code are not found and fixed until it's too late. In Linux, these bugs are usually fixed in the same day as they are found.
2. Many viruses are created to target Windows because many people hate Windows, Microsoft, and the political, social, and economic ideas they represent. These same individuals would not feel the same animosity towards Linux, because it does not represent the enrichment of a single entity at the expense of the entire world.
3. Windows contains a tremendous amount of code and features that not every business or individual needs. These customers cannot remove that code, and therefore, there are that many more potential bugs and vulnerabilities present in their installations that would not otherwise be there. Linux can be modified, and usually is, so that each system is different. Unneeded features are not installed.
4. All installations of Windows are effectively identical because, as I just said, you cannot modify anything. This means that all the zillions of people who are running the same version of Windows are vulnerable to the same bugs and viruses. Which means that a virus created for any version of Windows has a much larger "market" than one created for Linux, in which there are almost as many variations as there are installations.

Re:Stop the argument before it starts...

[robasen]

Can we get some sort of bridge here from slashdot to the real world? I know we've all been through this before, so I'll leave off comments on the rest (well, just to mention that Bill G has an army on this stuff, vs "nobody can see the source code" - I know, you meant 14-yr old white hats in Bratislava, and that's just the least of it)... but, the "customers cannot remove that code, therefore..." bit is just stunning in its lack of understanding of why people care about computers (not here of course, I mean most people).

Only a small fraction of Windows users care in the least about what they could or could not remove/include - enterprise admins, hobbyists, me, etc - the vast majority want to execute their work/email/games whatever, I mean does your grandma/boss/accountant even update anti-virus? I'm sure you've all been through linux releases and know that even for the devoted fetishist it's pretty intense. If you just want to get your work done and go on with your real life, why would you even care to spend a second thinking about this stuff?

And for all the folks mentioning Apple, OMG, enough already - if you're a hacker bent on destruction, don't you want to target the overwhelming majority of systems out there (e.g., per #4 above)?

Since we're going to re-hash these discussions from ENIAC until doomsday, let's at least freshen them up.

Re:Stop the argument before it starts...

[Tim+C]

You can't stop this argument, I'm afraid...

1. I don't remember a single exploit for the last couple of years at least that used a hole that wasn't patched before the exploit made it into the wild. The problem is not so much the lack of code inspection, as the sheer number of users that don't keep their systems up to date. That will be just as true if people are using Linux as it is now - with 2K and XP, critical updates can even be downloaded and installed automatically, and yet people still get hit by patched holes!
2. A fair number aren't too keen on the GPL, the Free (as opposed to free) software movement, and particularly RMS. I don't think it's too much of a stretch to imagine groups of pissed-off MS fanboys cooking up Linux exploits should it attain desktop dominance. For that matter, I think you vastly overestimate the people behind these things. There is no noble cause driving them, it's vandalism and anti-social behaviour, pure and simple. These are the sorts of people who'd be shoplifting and spraying graffiti if they weren't quite so good with computers. For them, the target platform is just whatever's the most popular (= highest chance of finding a soft enough target), and/or whatever they can download attack scripts for.
3. The same is true of a fully-installed Linux system, and the average home user is no more equipped to pare it down than they are to switch off non-essential Windows services.
4. This is true; however, should Linux attain a sizeable share of the desktop market, you'll find that only a small handful of the most user-friendly distros are used. I can see it coming down to Mandrake, Fedora and SUSE being in the vast majority. That lessens the effect you describe, although the situation is clearly still better than for Windows. However, most of the distros (in my experience) ship with pretty-much the same stuff - they'll supply different config tools, put config files in different places, ship with minor/teeny differences in package revisions, etc. Whenever security holes are posted here that affect Linux, however, it's generally the case that all the major distros are affected. I think that Linux viruses and exploits will have wider applicability than you think.

Basically, it all comes down to opinion. I actually agree with you in part, that Linux is more resistant to these things than Windows. However, I don't think that it's immune, and I don't think that the script kiddies, virus writers and crackers will just give up and find something else to do if Linux supplants Windows on the desktop. Only time will tell, however.

Well I see...

[darth_silliarse]

...it isn't the first Slashdot repost :oP

not the first

[siege04]

64 bit Windows was the first. *ducks*

New gentoo package

[gmuslera]

emerge rugrat

to try the newest gentoo/64 package

Time for a new slogan:

[dark-br]

News for the Amnesiac. Stuff that mattered.

Clearly another dupe

[chamblah]

They are even duping previous made comments

What about us Gentoo users?!

[chris_eineke]

$ emerge rugrat

These are the packages that I would merge, in order:

Calculating dependencies
emerge: there are no masked or unmasked ebuilds to satisfy "rugrat". :-(

Duped Logic

[soloport]

Here we go again... So, why is MS IIS so much more exploited than is Apache? Why is MS Exchange more exploited than 'sendmail' (these days)? Why is MS SQL more exploited than Oracle?

Answer: Because they are so much more exploitable; Not because they are more popular.

BTW, welcome to slashdot.

I'm glad

[pukvete]

I'm glad I'm using 32bit windows so I can be safe from these pesky 64bit viruses. As the viruses move on to newer windows technology, I will keep my 'ol 32bit windows and eventually be free from virus attacks! I for one welcome our new 64bit virus overlords.

Diagnosing Rugrat virsus...

[TheReal_BarkMan]

Apparently the only known symptom of this virsus is its ability to generate multiple /. posts.

Let me be the first..

[Epistax]

Let me be the first to give a..

00 00 00 00 00 00 00 65
00 00 00 00 00 00 00 72
00 00 00 00 00 00 00 65
00 00 00 00 00 00 00 72
00 00 00 00 00 00 00 33

Re:Let me be the first..

[aardvarkjoe]

Let me be the first to give a..

'erer3' ?

Perhaps you meant:

00 00 00 00 00 00 00 41
00 00 00 00 00 00 00 48
00 00 00 00 00 00 00 41
00 00 00 00 00 00 00 48
00 00 00 00 00 00 00 21

ASCII in decimal? Abomination.

Re:Let me be the first..

[PeterPumpkin]

I'm sure he meant "AHAH!" For those using Virdows 95+, fire up notepad and press alt-keypad6-keypad5, alt-keypad7-keypad2,etc.

Please explain 'concept viruses' to me

[PsiPsiStar]

Why do people make 'concept viruses?'
Who does this? Is it a matter of hackers trying to warn others of what is possible? Is it about people trying to see for themselves what is possible without causing harm?

Re:Please explain 'concept viruses' to me

[Fjornir]

They're people. People with their own motivations. Not some sort of hivemind. You've just guessed at two of them -- and probably good guesses that may match at least two of the writers either in part or in whole.

Here's another one: some virus writer may not want to do time for releasing one of his creations. So he gives the hard part (the infection vector) away so someone who's got more chutzpa or less common sense can weld a payload onto it.

What no virii for 64-bit Linux?

[Aggrajag]

I hate people who say that the reason for the amount of virii for Windows is caused because of it's popularity. 64-bit Linux has been available for a long time now and are there any virii targetting it? I didn't think so.
Every slashdotter knows the real reason for Windows virii (hint: Outlook etc.)

Re:What no virii for 64-bit Linux?

[Aggrajag]

That's not flamebait, that's funny+5 ;)

Parent plagarizes

[EZmagz]

This is stolen straight from prostoalex's comment on Thursday, verbatim:

http://slashdot.org/comments.pl?sid=109094&cid=9 268404.

Honestly, I would have modded this as redundant, but felt that the original author should at least get credit for coming up with a witty post (instead of another unoriginal AC bastard).

Ok kiddies, troll away...

Re:Hint to moderators:

[drinkypoo]

If I cared about karma I'd post the followup as an AC so that I couldn't lose karma for it.

I'm just trying to make the world a better place.

Re:People please! A quicker method

[mikael]

PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles! Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story about the first 64-bit Windows virus from Thursday, May 27th, 2004.

An even quicker method is to click on the symbol that the article is talking about (in this case, the combination lock). This immediately brings up the two stories side by side.

How difficult would it be to modify the slashdot submit story to display the previous stories submitted under a particular symbol?

Flame all you want

[The+Meshback]

Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be reseached?

Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view on it. I can hardly believe that you have never made a mistake in your life. You've never typed a wrong character when you were coding? You've never wrongly diagnosed a pc problem? The /. editors are doing us a service of showing articles that they think WE will find interesting. If you have such a hard time with an occasional human failure, go look for another site that's as good. I can assure you you will not find it.

No Flames, no Insightfuls

[Daengbo]

Sitting at Score:1... Shame

Yawn

[BCW2]

Another virus for another version of an M$ OS. Wake me when something new happens.

This isn't news, it's just inevitable.

Re:Yawn

[Halfbaked+Plan]

I remember the good old days, when all the most interesting viruses were on non-Microsoft systems. The Amiga comes to mind.

NX bit?

[evilpaul13]

Does this virus run on Wintel64 boxes that have one of the NX bit hardware protection? I think that was supposed to prevent buffer overruns...

Re:Missing the linux lockdown

[Torne]

Unfortunately, noexec is trivial to bypass, just run: /lib/ld-linux.so.2 /home/me/my-evil-binary

Sorry =)