Virus Writers Look Ahead: Target 64-bit Windows
Ashcrow writes "A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in question is currently unreleased outside of beta. News.com has the full article."
I hadn't realised that there were sufficiently many fundamental changes to a 64-bit system as compared to a 32-bit system that meant that a virus written for one wouldn't work on the other. What's so different? How does a different integer or word size affect the functioning of a virus so greatly, when interoperability is such a priority?
It sucks to be Microsoft knowing you are the #1 target for these people. I wish they didn't make it so easy...
Free Image Hosting
Where can I sign up for beta testing!?
but now I know. It IS those damn virus protectors making the viruses. I always said if there weren't any viruses the virus protectors would be out of business and they wouldn't allow it. This is the proof.
...a virus has been created for the 68000! Virus writers are thinking in the past! It's called W32@Lame.
what?
1. You're an idiot.
2. It's Viruses, not Virii.
3. You're an idiot.
The same CPU also gives AV software the same increase in speed etc. So it's just business as usual for AV; the war between the virus makers and the anti-virus makers continues no matter what architecture the underlying structure has.
Your humanitarian side is showing through. Please make them watch Liza Minelli first, not last.
"contribute to the downfall of the (computing) society"
Bzzt!!
The computing society as a whole is doing just fine, thx.
The retards still running MS software connected to any sort of network are the only ones doing any 'falling down.'
Phew! I was worried that all those hordes of current 64-bit Windows users would be at danger.
that Windows is just targeted because it is so popular, not because of inherent security problems.
After all Windows 64-bit is allready installed on millions and millions of machines so it is only natural that hackers attack it instead of those few machines that run 64-bit Linux.
Oh, wait...
Nevermind.
um... wtf are you on about?
Sometimes it is almost as if antivirus companies hire people to write all those "proof of concept" viruses, just to make sure that they don't loose any marketshare and they have another good reason to have their spread through press releases...
Ricardo.
What you said makes no sense and barely brushes on reality!
"The virus supports vectored exception handling to avoid crashing during infections."
:->
Maybe this is a good thing.
Those viruses will show developers how to write better code.
Seriously though, vulnerabilities will grow in proportion to the complexity of our systems.
A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in questions is currently unreleased outside of beta
So... not only did SP2 suffer delay upon delay until its release, we now have to put up with the same delays for our windows viruses?
This is an oldschool virus, it works by appending itself to the end of an .EXE, the Linux "proof-of-concept" viruses worked this same way.
MS actually has some safeguards to prevent this thing, but it could use some minor tweaks to make it even better.
I propose that XP should require you to create a user account by default.
I propose that all software should be distributed as .MSI files instead of .exe installers. (They work the same, double click the .MSI and it runs MS's Installer, but the MSI can't run arbitrary code.. it works like an RPM in this regard).
The installer should prompt for the Admin password and install the .exe so that only admin can write to it.
Any .exe not installed by the MS Installer should be marked as "dirty", and windows should refuse to run it.
This would prevent this type of virus. Coupled with XP64's support for NX, you'd actually have some semblance of security.
This has happened before.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
I don't think 64bit will bring up a new era of hyperintelligent virii. There is still the limitation of size. Small virii spread easier and hide better. Huge hyperintelligent virii would need like whole rootkits to hide themselves.
.sigh
Actually, this doesn't really make a lot of sense. If the entire point of a virus is to cause widespread destruction, then doesn't it make more sense to write a virus for 32bit computers?
Although I thoroughly disagree with these malicious programs, and any virus of any description, they do encourage people to create neater code and to develop better code that is invulnerable to these kinds of exploits. One could always hypothesise about how much we may or may not have developed programming code without having to spend money on prevention of these exploits.
If at first you DON'T succeed, Skydiving is NOT for YOU!!
the easier it is to gum up all the works.
I think Mr. Scott said that in one of the Star Trek movies?
--- Grow a pair, liberals... stop letting the Republicans bully you!
though AC'd, probably in anticipation of moderation by people who don't get the reference, parent is not a troll. It's actually a reference to an early (not /too/ early, I wasn't around back then) virus which I managed to get infected with on Windows 3.1 (no, I don't use antivirus software to this day, I just don't trust every floppy I find in a computer lab anymore... and no, I don't really still use floppies)
deserves at least a 0, funny. I mean, it's not that funny, but it's not a troll.
-- 'The' Lord and Master Bitman On High, Master Of All
Yay for portability!
Never learn by your mistakes, if you do you may never dare to try again
Because you didn't comment on "caluculations", "sofisticated" and "sealth".
This mal"ware" will probably have a better beta test cycle than most of the soft"ware" released these days. It'll be idiot proof, so anyone can get infected...
- No need to call us, we'll infect you.
Who modded this insightful? I am on windows, I have no problems whatsoever, I don't even have tracking cookies and I haven't been hit by a virus since 1999 or something like that. So quit calling people retards just because they are using windows in a network environment! P.S. I have nothing against linux, I would love to switch but there are no drivers for my USB PPPoE modem for linux. I am not even talking about driver problems on BeOS (which I consider better than linux).
what?
1. Yeah, he probably is.
2. It's a fucking slang term. Get off your fucking pedantic dumbass high horse.
3. You're an idiot.
'Standards' in computing only impress those who are impressed by things like 'standards'.
Symantec: The internet is a dangerous place these days - overrun with all sorts of viruses, worms, and malware. But, for only $79, we can see to it that your computer is safe. Without us, who knows what might happen to you...
As usual, there are few calls to shoot the damn writers of the viruses ... the true problem.
...
... leave it to the owner of the building to take care of the vandalism instead of tracking down and cutting the hands off the criminals that did the damage.
If it wasn't for the criminals, most windows 'problems' wouldn't be an issue at all.
before you whine at me, and incorrectly call me flamebait for disagreeing with your somehow more enlightened views about the great good those virus writers do with their vandalism
what do you think of grafitti? do you like it when you look outside in the morning and see some bastard's tag painted on your building?
You fools treat viruses the same way that most cities (and those fools that call it 'art') treat grafitti
It's great, isn't it? We set up 3 AMD64 servers before I bought one for myself at home.
I can't imagine anyone wanting to criple themselves with Windows on such a great platform.
Serious? Seriousness is well above my pay grade.
Tinfoil hat time: perhaps all the FUD about SP2 problems, users unwilling to update etc. is just being put out by spammers and malware merchants.
I agree there is a problem, especially with people who think they are creative. I'm afraid I was positively delighted when the author Louis de Bernieres lost the first 60 pages of his new novel becaue he had failed to make a backup, and complained that he didn't expect to have to make backups, he wasn't a computer expert (or words to that effect). People need to understand that failure to learn the basics can result in pain and distress.
Panurge has posted for the last time. Thanks for the positive moderations.
Yes, I use an Athlon64 currently running a standard 32bit OS. The article is trying to say in a round about way that virus writers want to get in on the 64 bit game. Yes, I do think the backwards compatible proc's like mine and the Opteron and Intels new proc are going to be more susceptible by 0.0000000000000000000000000000000000000001% more than a normal x86 processor. Big swing...
Nothing to see here. Besides I won't be running XP 64 bit edition ever anyway, so I don't care. I'm not even going to use my extra 32 bits until Slackware bring out a 64 bit OS of their own, and I hope they are in no hurry, and do it the Slackware way - properly.
Virii again :)
I wonder what the current stati of the virii are?
just to make sure that they don't loose any marketshare
Upon whom will they loose market share? Or did you mean that they will lose market share?
You, sir, have been served.
Regards,
Anonymous Coward, Esq.
Ahhh, as opposed to people who think they know everything because they have Maya on Windows (as used in... ZERO VFX production pipelines) and yet still manage to spend a large part of their day posting pro-MS flamebait on slashdot. Whatever mental problems you are experiencing that could lead to subconscious links between masturbation and linus, help is available and it really is nothing to be ashamed of; please seek professional advice.
And I thought 64bits was the god sent answer to virii, script kiddies, and 'Please Insert Disk' errors I keep getting! *grumble*
...anti-virus company profits are down.
I bet the code is something like this:
while(windows) {
infect();
}
The start of that comment remided me of the old "microsoft bashing poem" of old..
64 bit virus on 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand for 1 bit of competition.
..oh no, I missed the "named by" bit.
Makes you wonder though...
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Umm... I don't have Maya. I fucking hate Maya. Whatever the case, there are tons of places that use Maya on Windows. Mostly game companies and small VFX houses (not all VFX are in movies. Have you watched TV lately?).
Anyway, it's a joke. Laugh.
'Standards' in computing only impress those who are impressed by things like 'standards'.
When I Hack and port Windows 64, to my N64, will
I have to worry about a virus wiping my Zelda and
Mario saves?
http://cryptome.org/ncs-cryptome.htm
I feel safer already!
If you're so certain of the infallibility of your Windows box why not post its IP? Yeah, thought so.
Now I can get back to fapping over linux on AMD64
...and there we go again.
'How should I know when to enter and when not to enter the admin password?'
So, the user will just be fooled into installing a needed plugin (whatever) and enters the required password...
Can somebody please benchmark these new kind of viruses?
I for one would love to see some real-life performance improvements from this baby. Finally 64 bit gets used for its real goal!
(Imagine a beowulf of Athlon 64's/Opterons/... being hit with this new speedmonster...)
Dependency hell? =>
Hardware stack protection, finally, after all these years! All praise AMD! ;]
64 bit virii are more dangerous
Don't forget that they can access your computer over the power line and get through the tin foil on your windows. Yep.
Don't point the finger of idiocy so fast.
The plural for computer virus is virus. Not viruses or virii.
So put the finger down and walk away.
And? Is it faster?
(Score:5, Not Funny)
Some years ago I contracted with Symantec for about five months and worked closely with several of their departments, including the folks who did tech support for their anti-virus software. During that time Symantec offered a cash bounty to any techie who brought in a virus 'from the wild' that wasn't covered by the their antivirus software.
It was common knowledge that many of these 'wild' viruses were actually, in fact, written by the support staff themselves in order to collect on the bounty. But Symantec didn't care because this just allowed them to enlarge their virus definition file and show their customers why it was important to subscribe to their update service. From my point of view it was a "wink, wink, nudge, nudge" sort of thing.
This was one of just many things about Symantec which disgusted me so much that after that contract I refused to work with them ever again. I don't know if they still have an update service for their anti-virus software, but it wouldn't surprise me if many of our future 64-bit viruses came directly from employees of Symantec itself.
It's a great business model: release the viruses, then sell the software that combats those viruses. Unethical and illegal, but a solid money-maker for those who don't care about such trivial things.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
The problem with windows isn't that its users are stupid and don't know shit. The problem is that MS has chosen to encourage these computer morons to feel like they know what they are doing and has given them enough rope to hang themselves with.
It makes people feel good and gives helpdesk monkeys around the world fulltime employment.
Remember, viruses, trojans, spyware ARE GOOD for the local economy.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I'm going to write a library that I can port around to different operating systems and have all users install. Then the virus makers can just write against that library and have their viruses run against all platforms. Of course, this means distributing the virus in source code form and compiling it on the target computer, but I'm sure users would be more than happy to take that step for you. ;)
What's my IP got to do with this? Any system can compromised by direct attack (including Linux). I was talking about vulnerability to things like spam/spyware/viruses. And why the hell are you posting as AC?
AMD has the NX bit, and ISTR that Intel doesn't have it on their IA32e, or whatever the heck they call it, and that they reserved NX for IA-64. The NX bit makes the job more demanding for virus and worm writers, so I would expect AMD to give them additional concerns.
The living have better things to do than to continue hating the dead.
1. First most important technology:
AMD64 processors have NX extension.
Which [quoting wikipedia] : "stands for "no execute", a technology used in CPUs such as Sun's Sparc, Transmeta's Efficeon, and newer 64-bit x86 processors to prevent code from being executed on areas of memory flagged with an NX bit. This feature significantly lowers the probability of crackers exploiting buffer overflows and increases overall system security.".
This technology is only supported in newer OSes like Windows XP 64 and Windows XP SP2. It wasn't supported before (example: in Windows XP SP1 or in Windows 2000).
So before all, a new AMD64-compatible virus has to cope with new forms of protection.
2. Binary compatibility.
This is going to be more technical.
AMD64 (and Intel's clone "EMT64") are an extension over the standard 32-bit instruction set (IA-32).
So yes, AMD64 could run any 32bit code natively, unlike Itanium (which can only emulate it, with some hardware assistance).
BUT : A worm isn't your average spread-sheet application. It doesn't always run stand-alone.
In order to perform some operation, like infecting a computer without user attention, or gaining administrator privileges, or hacking some kernel stuff to help its replication, the worm must inject code inside OTHER applications.
And even if the virus is 32bit, if it infects a 64-bit OS, odds are the applications in which the virus must inject code (e-mail client, kernel, etc...) will be 64-bit applications.
64-bit binary code isn't necessarily exactly the same as 32-bit. Some binary code may be interpreted as a different instruction depending on whether the memory segment (the application) was tagged as "16bit code", "32bit code" or "64bit code".
The processor can run all of these "dialects" natively in hardware, but may be expecting a different dialect because the application is tagged as 64-bit and the injected code was intended for 32-bit systems.
Depending on the implementation (I don't know AMD64 well enough), when loading data into a pointer register, the 32bit code running in a 64bit application could either
- only override the lower 32 bits of the pointer, keeping intact the upper 32 bits.
i.e.: load 0x00001234 into a register whose value is 0x0012345601234567, will give you 0x0012345600001234) a different location than expected by the virus, and the machine would crash instead of being infected.
- read past the length of the instruction in code memory.
simplified example:
if code is "LOAD into pointer 0x00001234, then ADD 500 to register B".
the pointer will be loaded with garbage data "0x0001234, then ADD", and the processor will try to execute code from "500 to register B" which doesn't mean anything, and the machine would crash instead of being infected.
(some useful link about 64bit architecture).
3. Memory model
Last but not least, memory organisation is different between a 32-bit and a 64-bit OS.
So a worm should use different exploits to inject code into different places.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
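The mode-dependent decoding the comment above describes has a well-known concrete instance: the opcode bytes 0x40 to 0x4F are INC/DEC r32 in a 32-bit code segment but REX prefixes in a 64-bit one, and REX.W also widens the immediate of MOV r, imm from 4 to 8 bytes. The Python below is an added illustration, not code from the thread or from any real disassembler; the `decode` function, which knows only four opcodes, and the two byte strings are constructed for this example. It shows the same bytes decoding as different instructions in the two modes, and a 64-bit stream read as 32-bit running into the middle of its own immediate.

```python
"""Added example (not from the thread): a toy, mode-aware x86 decoder.

It handles only a handful of opcodes, enough to show that one byte string
is decoded differently depending on whether the code segment is tagged
32-bit or 64-bit. The decoder and the sample byte strings are constructed
for this illustration.
"""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode(code: bytes, mode: int) -> list:
    """Decode `code` as if it sat in a code segment of the given mode (32 or 64).

    Opcodes handled: 0x40-0x4F, 0x89 (register-direct form only),
    0xB8-0xBF and 0xC3. Anything else is reported as unhandled and
    skipped one byte at a time.
    """
    if mode not in (32, 64):
        raise ValueError("mode must be 32 or 64")
    out = []
    i = 0
    while i < len(code):
        b = code[i]
        rex_w = False
        if 0x40 <= b <= 0x4F:
            if mode == 32:
                # 32-bit segment: 0x40+r is INC r32, 0x48+r is DEC r32.
                op = "inc" if b < 0x48 else "dec"
                out.append(f"{op} {REGS32[b & 7]}")
                i += 1
                continue
            # 64-bit segment: the very same byte is a REX prefix.
            # Bit 3 (REX.W) requests a 64-bit operand size.
            rex_w = bool(b & 0x08)
            i += 1
            if i >= len(code):
                out.append("(REX prefix at end of stream)")
                break
            b = code[i]
        regs = REGS64 if rex_w else REGS32
        if b == 0x89 and i + 1 < len(code):
            # MOV r/m, r (register-direct only): the reg field is the source.
            modrm = code[i + 1]
            if modrm >> 6 != 3:
                out.append("(memory-operand MOV not handled)")
                i += 2
                continue
            src = regs[(modrm >> 3) & 7]
            dst = regs[modrm & 7]
            out.append(f"mov {dst}, {src}")
            i += 2
        elif 0xB8 <= b <= 0xBF:
            # MOV r, imm: the immediate is 4 bytes, or 8 bytes under REX.W.
            width = 8 if rex_w else 4
            imm = int.from_bytes(code[i + 1:i + 1 + width], "little")
            out.append(f"mov {regs[b & 7]}, {imm:#x}")
            i += 1 + width
        elif b == 0xC3:
            out.append("ret")
            i += 1
        else:
            out.append(f"(unhandled opcode {b:#04x})")
            i += 1
    return out


def compare(code: bytes) -> dict:
    """Decode the same bytes under both segment types."""
    return {32: decode(code, 32), 64: decode(code, 64)}


# Constructed sample 1: 48 89 C8 C3
#   32-bit segment: dec eax ; mov eax, ecx ; ret
#   64-bit segment: mov rax, rcx ; ret        (0x48 is REX.W here)
SAMPLE_REX = bytes.fromhex("4889c8c3")

# Constructed sample 2: 48 B8 <8-byte imm> C3, written for a 64-bit segment.
#   64-bit segment: mov rax, 0x12345678deadbeef ; ret
#   32-bit segment: the immediate is read as only 4 bytes, and the remaining
#   four bytes of it are then consumed as opcodes, as the comment describes.
SAMPLE_IMM64 = bytes.fromhex("48b8efbeadde78563412c3")

if __name__ == "__main__":
    for name, sample in (("REX", SAMPLE_REX), ("IMM64", SAMPLE_IMM64)):
        for mode, listing in compare(sample).items():
            print(f"{name} as {mode}-bit: " + " ; ".join(listing))
```

Running the block prints both decodings of each sample side by side; the second sample is the "read past the length of the instruction" case, with the tail of the 64-bit immediate showing up as stray opcodes in the 32-bit listing.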
Yeah. It's really crippling being able to run a variety of commercial software including all the latest games.
Sheesh, what's with all the OS hate around here? Linux, Windows, BSD, Mac OS, Mac OS X, etc are just tools. Tools that can help you get jobs done. Use the best tool for the job. I wouldn't imagine editing video on anything but OS X, just like I wouldn't imagine playing games on anything but Windows, just like I wouldn't imagine running a dedicated server on anything but Linux.
No one OS is crippling. Limiting yourself due to fanaticism is.
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
The 64-bit version of Windows is, for business and dev uses, crippled afaic. Unless you like using software which the vendor admits is a flawed beta (this from the co. that claimed Win95 wasn't!) and for which the source is closed and for which the vendor explicitly offers no support at all. Oh yes, finally, the vendor has no timetable for delivering an actual finished version, nor is it clear whether it will actually support your processor at that time.
This basically takes it out of any reasonable professional environment, hopefully. Which leaves the hobbyist; in this realm, unless you are concerned about all of your 37337 sk1nZ going obsolete, you are probably using or considering linux anyway. What is the point of playing with a development OS if the source is closed?
Couple this with the fact that very few tools right now actually use 64-bit "power" (but those which can, really do use it), and your post is quickly revealed as a mindless kneejerk.
Just as soon as the anti-virus companies understand how to write the viruses, then they
can warn us to buy their new software.
"it does show that virus writers are looking toward the future"
Not to insult the journalistic talent that is Timothy, but seriously guy, you need to come up with a better introduction to an article that isn't full of utter stupidity. Nothing pisses me off, or makes me reel in laughter more than a muckraker introducing an article in the wrong manner.
Candy-Coated Knowledge
If you're so smug about your non-MS box, let's see your IP. Put up or shut up.
Actually viruses is recognised by the dictionary as the plural of virus.
~Craig
You pond scum out there! We know lots of you troll /.
We should hunt you down, put on you live, national TV and shoot you in the head as an example.
You're simply terrorists who seek to destroy society.
You are simply replicating your own life form...Virii.
Write a virus----> BOOM! Bye bye pond scum!Then you won't be able to sit at home playing Counterstrike all day!
who is really writing those viruses nowadays? (No pun intended. Unless it's Big Pun)
1. You're an idiot.
2. ???
3. Profit !!
Works for me.
Here we are even before 64 bit Windows is even available to the general public and Symantec is already on the go publishing its fear mongering to ensure their market for the future. Why is Slashdot participating?
It pops up that "need your password" window so often that you don't even think twice about entering your password. All a program needs to do then is put up a fake window asking for the password, capture it, and have at it on your system.
Windows does allow you to tighten down the machine so you need a password to install, or cannot at all. This is the right level of security.
Now all you have to do is convince people to start making limited user accounts instead of admin accounts.
Go with Mandrake 10, it's a great distro with an AMD64 version.
Well, if you look here, these computers all go to 32. You see? And ours go to 64. . .all across the board. 64. . .64. . .64. . .64.
. .
And does that make it faster?
Well, it's twice as fast, isn't it?
Well, why don't you just make a faster 32 bit computer instead of a 64 bit?
. .
. .
These go to 64.
Then, from a biology perspective, when a cell is cancerous (growing without an off switch) some chemotherapy is in order, right? Whether it's chips or software, someone is going to pursue or craft a knee-capping piece of code. Maybe not many attacks are going specifically after Intel's wares, since it seems the code running in their chips is not (from what I gather) crippling Linux running on the same CPUs that ms windows (lower-casing/deprecation intentional) -based computers.
O ...
Maybe this cracking and hacking response is just normal. Let it work. SOMEthing has to keep ms in check, right? After all, if a corporation has a status of "entity" or "person", and then it runs amok, trying to be all for everyone and control or destroy all it doesn't like to compete with then it also should have a lifespan, and be subject to human "murderers" or "kneecappers", but it seems ms is morphing itself into a cancer by being:
-voracious (computing, real estate, banking, entertainment...)
-omnivorous (buy up real or file fake patents)
-belligerent (FUD, pre-empt moms & pops)
-bellicose- (funding BSA, (no, not the Boy Scouts))
-obtuse (pricing)
-spirally spawning into numerous markets (see item above... let us hope they don't end up in airline cockpits)
-prevaricators (faked video testimony, ROI, etc...)
Other companies do similar, but it doesn't seem anyone is hell-bent on attacking:
-IBM
-Sony
-Fujitsu
-Kroger
-Marshalls
-SC
Wait, SCO is busy juggling the efforts of cutting it's own jugular...
David Syes
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Probably gates didn't like THIS road ahead in "The Road Ahead", so he must be inclined to create a "Swervy Road Ahead" to offset virus attacks.
Apparently, "The Helix Ahead" is the torturous path ms must be forced along...
Linux has "Tux", but maybe now, with all the viral activity, ms has:
http://www.geocities.com/Heartland/5960/manatee
or
http://www.manateeworld.net
(Does anyone know if Tux can outswim a manatee?)
(for running that snouted Tux ad in Germany a bit back, ms deserves this barb...)
Maybe the book could have been "The Troll Road Ahead", for it elicited much ridicule, and maybe windows itself is not just a purported operating system, and not just a viral black hole, but it is also "troll for virus activity", a billboard for digital attackers.
For possibly interesting reading, see the "Toll Road Ahead" (some of which you may have already seen):
http://www.economist.co.uk/science/tq/
http://www.timpatrick.com/articles/crosl/
http://www.netaction.org/monitor/mon28.html
http://www.osnews.com/story.php?news_id=5386
http://www.osnews.com/article.php?kind=Editoria
David Syes
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
It's really crippling being able to run a variety of commercial software including all the latest games.
Not true. I happen to have XP64 installed, and you cannot run all the latest games and commercial software. A lot of software doesn't work. Even Firefox refuses to run on XP64 without turning off NX protection.
And Doom3 won't run at all.. there is no way to run Doom3 on XP64.
I do not understand this.
What's the "proof of concept"?
So someone wrote a program that looks for files that are executables and adds some code to the end that does the same thing?
Does it promote itself to run with system permissions, or only user-level perms?
As near as I can tell, the writer went to some trouble to limit his program so that it can only propagate on a particular machine and OS, and called it a '64 bit virus'.
On the other hand, maybe I just don't get it.
If you receive an email entitled "Badtimes," delete it immediately. Do not open it. Apparently this one is pretty nasty. It will not only erase everything on your hard drive, but it will also delete anything on disks within 20 feet of your computer.
It demagnetizes the stripes on ALL of your credit cards. It reprograms your ATM access code, screws up the tracking on your VCR and uses subspace field harmonics to scratch any CD's you attempt to play. It will re-calibrate your refrigerator's coolness settings so all your ice cream melts and your milk curdles. It will program your phone autodial to call only your ex-spouses' number. This virus will mix antifreeze into your fish tank. It will drink all your beer. It will leave dirty socks on the coffee table when you are expecting company. Its radioactive emissions will cause your bellybutton fuzz (be honest, you have some) to migrate behind your ears. It will replace your shampoo with Nair and your Nair with Rogaine, all while dating your current boy/girlfriend behind your back and billing their hotel rendezvous to your Visa card. It will cause you to run with scissors and throw things in a way that is only fun until someone loses an eye. It will give you Dutch Elm Disease and psittacosis. It will rewrite your backup files, changing all your active verbs to passive tense and incorporating undetectable misspellings which grossly change the interpretations of key sentences. It will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub. It will not only remove the forbidden tags from your mattresses and pillows, but it will also refill your skim milk with whole milk. It will replace all your luncheon meat with Spam. It will molecularly rearrange your cologne or perfume, causing it to smell like dill pickles. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve. These are just a few signs of infection.
Very simple. Only do on the computer what you want to do, not what the computer asks you to.
If you don't know, it's time to get a simpler/safer OS, like UNIX. (unix almost never asks you anything, it's all your fault).