Slashdot Mirror

← Back to Stories (view on slashdot.org)

64-Bit Rugrat Virus Emerges

Posted by timothy on from the like-cicadas-are-the-skripters dept.

weekendwarrior1980 writes "The first computer virus to target 64-bit Windows systems has been detected by security authorities. Dubbed "W64.Rugrat.3344," the virus is a fairly benign, proof-of-concept infection agent, according to a report issued on the Symantec Web site. This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code." Update: 05/29 19:26 GMT by T : Yes, this is the same "non-event" virus already mentioned.

35 of 162 comments (clear)

  1. Hey, kids! by Rick+Zeman · · Score: 4, Funny

    It's time for the summer reruns!!!

    1. Re:Hey, kids! by leerpm · · Score: 5, Funny

      So does this mean when the first 128-bit based virus debuts we can expect 4 posts about it? :)

  2. Repost by Markaci · · Score: 4, Informative

    http://slashdot.org/article.pl?sid=04/05/27/158244

  3. 64 bit eh? by 2MuchC0ffeeMan · · Score: 4, Funny

    since it has twice the bits it gets twice the postings... yay!

    --
    Runnin' On Empty .... I'm Still Alive
    1. Re:64 bit eh? by Wordsmith · · Score: 2, Funny

      So it's going to be posted four times in total?

    2. Re:64 bit eh? by DrEldarion · · Score: 2, Funny

      Actually, it gets 4294967296 times the postings. Crap.

  4. People please! by chrisgeleven · · Score: 5, Insightful

    PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles!

    Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story about the first 64-bit Windows virus from Thursday, May 27th, 2004.

    Unbelievable. Took me 2 seconds to do the search and would save a dupe.

    Slashdot's habit of duplicating stories is getting pretty rediculous.

    1. Re:People please! by uss_valiant · · Score: 2, Funny
      oing to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a stor[...]

      Rugrat, who remembers Rugrat? I searched for "virii" *lol*!
  5. Proof of Concept? by Prince+Vegeta+SSJ4 · · Score: 5, Funny
    proof of concept? PROOF OF CONCEPT you say!

    I couldve proven that a virus was possible

    • 64 bit Windows

    There, I proved it's posible

    1. Re:Proof of Concept? by Strong+Arm+Coat · · Score: 2
      Hrm. and macosx has had more vulnerabilities in the last month than windows. That says alot more don't you think?
      And Windows XP SP1 has had more vulnerabilities since its release than OS X has had. (Both were released in 2001.) That says a lot more, don't you think?
    2. Re:Proof of Concept? by Smitty825 · · Score: 2, Insightful

      And Windows XP SP1 has had more vulnerabilities since its release than OS X has had. (Both were released in 2001.) That says a lot more, don't you think?

      I don't think that is a fair comparison, either. Since so many more people use Windows on a day-to-day basis than MacOS X, there is more of an incentive for people to create virii for Win, and there are significantly more people that know how to program Windows than OS X...

      As Linux/BSD/OS X/(insert favorite OS here) grow in popularity, there are going to be more exploits in each of these OSs. This just means that everybody needs to pay more attention to their computers, and keep those security patches up to date!

      --

      Doh!
  6. The title of the article should be by slyxter · · Score: 5, Funny

    "First duplicate article on the 64 bit windows virus found!" more at eleven.

    --

    Pubcrawler.ca
    .
  7. Well now that dident take too long did it. by Coolmoe · · Score: 5, Funny

    That has got to be comforting to people making 64 bit OS's. There is code waiting!

    Now finally a way to make your 64bit computer feel more like your 32bit ones.

    --
    Got hosting
  8. Re:Didn't we already hear about this? by thbarnes · · Score: 2, Informative

    Yep... http://slashdot.org/article.pl?sid=04/05/27/158244

  9. This was covered two days ago. by Geoffreyerffoeg · · Score: 2, Interesting

    Dupe.

    Don't the editors them selves read Slashdot...hm, I can see why not. Vicious circle. The more dupes posted, the less they're inclined to read articles, and the more dupes they approve.

  10. Rugrat by LGagnon · · Score: 5, Funny

    "W64.Rugrat.3344", soon to be followed by "W64.Reptar.3344".

  11. What's interesting... by Lars+Clausen · · Score: 5, Interesting

    We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing virues for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

    -Lars

    1. Re:What's interesting... by Chester+K · · Score: 3, Insightful

      We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing virues for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

      You act as if there've never been any worms or viruses for Linux...

      --

      NO CARRIER
  12. There is a lesson here by hedley · · Score: 2, Interesting

    As I have said before, a server with a morphable ISA can be really valuable. This new infection only works on i64. Now imagine a writable control store i32 where you can change the decoder/isa cracker. A linux disti with toolchain built from a random #. The random # permutes the ISA and updates the WCS. A new binutils is built and kernel built from that. It will only run on that #'d ISA. Any worm arriving on the wire will die since its i32 decodings have no meaning in this context.

    Hedley

  13. In other news... by networkGhettoWhore · · Score: 3, Funny

    The SD.DupeStory.2004 virus has been running rampant. Although, experts claim it is simply an operator error.

    --
    Natural Selection: self-destruction of the poor and lazy
  14. The payload by blowdart · · Score: 5, Funny
    This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code

    The payload causes infected windows machines to resubmit the same story to slashdot every day, in the hope that a duplicate story will arise.

    Richard Stallman was quoted as saying the virus was sourced at Microsoft in an attempt to make linux news sites look silly, then requested that the source for the virus be published openly under a FSF license. SCO then claimed that they had the first 64 bit virus, and were now going to sue the author and every owner of an infected machine. Larry Elison was rumoured to say that the Oracle 64bit virus ran faster and cheaper than an MS 64 bit virus and stood grinning until someone pointed out that Bill Gates can buy him 10 times over.

  15. Lower TCO. by rice_burners_suck · · Score: 5, Funny
    For immediate release: M5FT today announced that by using Windows, enterprises cut their TCO and increase the time employees have for coffee breaks. By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

    Gill Bates, the Architect of Windows and the Matrix, was pleased to say, "Our studies have proven that an eMachines costing $500 and running Windows XP has a lower TCO for opening a 2kb email than does a cluster of 1000 IBM z360 mainframes running Linux performing the same task. The cost, using Windows, was about 1 cents per bit, while the cost of the Linux setup was about $88,281,813.25 per byte. Clearly, Windows is much less expensive than Linux.

    "Further," said Gill Bates, "employees get more coffee breaks while Windows is reinstalling after a virus breakout. With a Linux environment, the employees of your enterprise might have to work all day long, because the operating system simply isn't considerate enough to offer a coffee break or two every ten minutes."

  16. I say.. by modifried · · Score: 3, Funny

    .. we all head over to the previously posted article and post other users' +5, Informative/Interesting/Insightful responses as our own, on here.

    1. Re:I say.. by nukka · · Score: 2, Funny

      Re:W32/Shrug (Score:5, Funny) by Anonymous Coward on Thursday May 27, @12:23PM (#9268580) Don't say something like that. You're going to start an endless thread of "Back in my days we used [ancient technology] and liked it" ... "Yes, but when I was young, we used [even more ancient technology]!" [ Reply to This | Parent ] technology? (Score:5, Funny) by Anonymous Coward on Thursday May 27, @01:41PM (#9269766) Technology? You had TECHNOLOGY? Why you kids got it easy, WE didn't have technology, no sir! Why, first we had to walk UP-hill, 83 miles, to the sacred valley, then we had to get naked, smear ourselves with cowdung and ashes, eat magic mushrooms and DREAM about technology! That's all WE Had, and we LIKED IT!

      --

      \x69 \x68\x69\x64 \x74\x68\x65 \x62\x6f\x64\x69\x65\x73 \x69\x6e \x74\x68\x65 \x66\x72\x65\x65\x7a\x65\x72

  17. Hypocrites!! by KarmaPolice · · Score: 3, Insightful

    If you are going to complain about dupes, why not take a look at the current comments before creating another "Yep, it's a dupe"-comment.

    Dupes are bad, but dupe comments about dupes...why, that's just silly!!

  18. Stop the argument before it starts... by rice_burners_suck · · Score: 5, Insightful
    And for those of you who think that once Linux takes over the world, the new viruses will target Linux, I think you are not taking the following factors into consideration:
    1. Windows is an inherent security risk because nobody can see the source code and identify security problems. This might be touted as an advantage, because in the eyes of IT CIOs who don't know anything about computers, it is supposed to prevent security problems from becoming known. However, this does not take into consideration the 1337 h4x0rz who have a deep knowledge of computers, networks, and programming, and who have the time to find the bugs without seeing the source code. Thus, bugs that would be found and fixed quickly through access to the source code are not found and fixed until it's too late. In Linux, these bugs are usually fixed in the same day as they are found.
    2. Many viruses are created to target Windows because many people hate Windows, Microsoft, and the political, social, and economic ideas they represent. These same individuals would not feel the same animosity towards Linux, because it does not represent the enrichment of a single entity at the expense of the entire world.
    3. Windows contains a tremendous amount of code and features that not every business or individual needs. These customers cannot remove that code, and therefore, there are that many more potential bugs and vulnerabilities present in their installations that would not otherwise be there. Linux can be modified, and usually is, so that each system is different. Unneeded features are not installed.
    4. All installations of Windows are effectively identical because, as I just said, you cannot modify anything. This means that all the zillions of people who are running the same version of Windows are vulnerable to the same bugs and viruses. Which means that a virus created for any version of Windows has a much larger "market" than one created for Linux, in which there are almost as many variations as there are installations.
    1. Re:Stop the argument before it starts... by Tim+C · · Score: 2, Insightful
      You can't stop this argument, I'm afraid...
      1. I don't remember a single exploit for the last couple of years at least that used a hole that wasn't patched before the exploit made it into the wild. The problem is not so much the lack of code inspection, as the sheer number of users that don't keep their systems up to date. That will be just as true if people are using Linux as it is now - with 2K and XP, critical updates can even be downloaded and installed automatically, and yet people still get hit by patched holes!
      2. A fair number aren't too keen on the GPL, the Free (as opposed to free) software movement, and particularly RMS. I don't think it's too much of a stretch to imagine groups of pissed-off MS fanboys cooking up Linux exploits should it attain desktop dominance. For that matter, I think you vastly overestimate the people behind these things. There is no noble cause driving them, it's vandalism and anti-social behaviour, pure and simple. These are the sorts of people who'd be shoplifting and spraying graffiti if they weren't quite so good with computers. For them, the target platform is just whatever's the most popular (= highest chance of finding a soft enough target), and/or whatever they can download attack scripts for.
      3. The same is true of a fully-installed Linux system, and the average home user is no more equipped to pare it down than they are to switch off non-essential Windows services.
      4. This is true; however, should Linux attain a sizeable share of the desktop market, you'll find that only a small handful of the most user-friendly distros are used. I can see it coming down to Mandrake, Fedora and SUSE being in the vast majority. That lessens the effect you describe, although the situation is clearly still better than for Windows. However, most of the distros (in my experience) ship with pretty-much the same stuff - they'll supply different config tools, put config files in different places, ship with minor/teeny differences in package revisions, etc. Whenever security holes are posted here that affect Linux, however, it's generally the case that all the major distros are affected. I think that Linux viruses and exploits will have wider applicability than you think.

      Basically, it all comes down to opinion. I actually agree with you in part, that Linux is more resistant to these things than Windows. However, I don't think that it's immune, and I don't think that the script kiddies, virus writers and crackers will just give up and find something else to do if Linux supplants Windows on the desktop. Only time will tell, however.
      --
      It's official. Most of you are morons.
  19. New gentoo package by gmuslera · · Score: 2, Funny
    emerge rugrat

    to try the newest gentoo/64 package

  20. Time for a new slogan: by dark-br · · Score: 2, Funny

    News for the Amnesiac. Stuff that mattered.

  21. What about us Gentoo users?! by chris_eineke · · Score: 2, Funny

    $ emerge rugrat

    These are the packages that I would merge, in order:

    Calculating dependencies
    emerge: there are no masked or unmasked ebuilds to satisfy "rugrat". :-(

    --
    "All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
  22. Duped Logic by soloport · · Score: 2, Insightful

    Here we go again... So, why is MS IIS so much more exploited than is Apache? Why is MS Exchange more exploited than 'sendmail' (these days)? Why is MS SQL more exploited than Oracle?

    Answer: Because they are so much more exploitable; Not because they are more popular.

    BTW, welcome to slashdot.

  23. Parent plagarizes by EZmagz · · Score: 3, Informative
    This is stolen straight from prostoalex's comment on Thursday, verbatim:
    http://slashdot.org/comments.pl?sid=109094&cid=9 268404.

    Honestly, I would have modded this as redundant, but felt that the original author should at least get credit for coming up with a witty post (instead of another unoriginal AC bastard).

    Ok kiddies, troll away...

    --

    "Hell hath no fury like a woman scorned for SEGA. ..."

  24. Flame all you want by The+Meshback · · Score: 2, Interesting

    Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be reseached?

    Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view on it. I can hardly believe that you have never made a mistake in your life. You've never typed a wrong character when you were coding? You've never wrongly diagnosed a pc problem? The /. editors are doing us a service of showing articles that they think WE will find interesting. If you have such a hard time with an occasional human failure, go look for another site that's as good. I can assure you you will not find it.

  25. Re:good for him! by PopCulture · · Score: 2, Insightful

    then its a good thing we don't cheer on virus writers... you ass.

    lets all bow down to this guy 'cause he is a new generation dumbass virus writer. thats about on par with your dumb-ass racist rant from your webpage.

    --

    Here's to finally giving Bush his exit strategy in November
  26. Re:Missing the linux lockdown by Torne · · Score: 2, Interesting

    Unfortunately, noexec is trivial to bypass, just run: /lib/ld-linux.so.2 /home/me/my-evil-binary

    Sorry =)