Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virus Writers Look Ahead: Target 64-bit Windows

Posted by timothy on from the yes-ma'am-just-testing-your-alarm-system dept.

Ashcrow writes "A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in questions is currently unreleased outside of beta. News.com has the full article."

15 of 205 comments (clear)

  1. Interesting. by London+Bus · · Score: 5, Interesting

    I hadn't realised that there were sufficiently many fundamental changes to a 64-bit system as compared to a 32-bit system that meant that a virus written for one wouldn't work on the other. What's so different? How does a different integer or word size affect the functioning of a virus so greatly, when interoperability is such a priority?

    1. Re:Interesting. by dagoalieman · · Score: 4, Interesting

      As I understand it, and I hope if I'm wrong someone does so and gets a +5 mod... I'm going to be very general and semantic, I'm sure you'll see the point, but details as always are better. :)

      While software is made to be compatible, and Windows has code written into it to help with compatibility, as well as the processors have extensions. Windows also has code in order to take advantage of the 64 bit processor abilities to their fullest. While there's compatibility options available, most of the code that Windows executes was made for 64bit CPU (I should say most of the *compiled* code... I'm not sure how much of a rewrite was needed for porting, as opposed to compiler changes.)

      With new code comes new holes, obviously. And the same can be said for third party softwares- that new code which takes advantage of the processors to its fullest will have some new code (extending through compilation, of course).

      I would say, though, it wouldn't surprise me to find out that the programs themselves are really quite incompatible, but the files themselves are written for maximum compatibility. Pop one in an email, and it works on a 32 bit based machine I mean.

      As an aside, I wonder if this is an attack on AMD's compatibility, or 64 bit code in general.. I note that the article mentions AMD with specitivity, not Intel.

      --
      We don't need no Net Explorer We don't need no Thought control
    2. Re:Interesting. by pjt33 · · Score: 2, Interesting

      I know that, and you know that, but the general public doesn't. Therefore anti-virus companies (whose products include firewalls and e-mail filters to protect against some worms) just use the word virus indiscriminantly. Meh.

    3. Re:Interesting. by gibson_81 · · Score: 2, Interesting

      IIRC, this has been present in MMUs since the 486 (maybe 386 too) ... Don't know why it was never used ... mem pages there had the classic "RWX" permissions ... I can understand why that couldn't be used in Linux (since other CPUs might not support it), but why Windows ignores those bits is beyond me ...

  2. Re:conspiracy? by Anonymous Coward · · Score: 2, Interesting

    "almost"?

    I have seen several virus warnings in computer mags that go "This virus has currenly not been spotted outside of $ANTIVIRUSCOMPANY's labs".

    Well, how did it get in there, if not from the outside? It was made in there.

  3. Wow! Beta Viruses! by ArbiterOne · · Score: 1, Interesting
    Speaking of proof-of-concept (RTFA), could this be the first virus to attack a product that's still in beta?

    Actually, this doesn't really make a lot of sense. If the entire point of a virus is to cause widespread destruction, then doesn't it make more sense to write a virus for 32bit computers?

  4. Viruses by Un0r1g1nal · · Score: 3, Interesting

    Although I thoroughly disagree with these malicious programs, and any virus of any discription, they do encourage people to create neater code and to develop better code that is invulnerable to these kinds of exploits. One could always hypothesise about how much we may or may not have developed programming code without having to spend money on prevention of these exploits.

    --
    If at first you DON'T succeed, Skydiving is NOT for YOU!!
  5. Re:conspiracy? by Anonymous Coward · · Score: 3, Interesting

    Unless it somehow infected their computers or their systems were targeted maybe??? I know of a few virus authors who turned from black-hat to white-hat instead of spend time in jail, that isn't a bad thing. Where will you find the really great, if misguided geniuses? John Carmack wanted to be a phreak in the early bbs days.

  6. I agree, forget Joe (L)user by panurge · · Score: 5, Interesting
    W64 is an opportunity to move away from the whole "the system has to be insecure because Joe Sixpack is stupid" syndrome. If OS X can drop down a window asking for an admin password before installing updates, so can W64. W64 will be supposed to be a professional OS, for Turing's sake. Why can't MS simply use a few $$ of the billions to produce a nice "read this first" poster to explain to newbies how their nice new security system works, and how it will make using the computer so much more pleasant?

    Tinfoil hat time: perhaps all the FUD about SP2 problems, users unwilling to update etc. is just being put out by spammers and malware merchants.

    I agree there is a problem, especially with people who think they are creative. I'm afraid I was positively delighted when the author Louis de Bernieres lost the first 60 pages of his new novel becaue he had failed to make a backup, and complained that he didn't expect to have to make backups, he wasn't a computer expert (or words to that effect). People need to understand that failure to learn the basics can result in pain and distress.

    --
    Panurge has posted for the last time. Thanks for the positive moderations.
  7. In unrelated news... by MickyJ · · Score: 3, Interesting

    ...anti-virus company profits are down.

  8. Yay! by kg_o.O · · Score: 2, Interesting

    Hardware stack protection, finally, after all these years! All praise AMD! ;]

  9. here's the grain of salt by maxpublic · · Score: 5, Interesting

    Some years ago I contracted with Symantec for about five months and worked closely with several of their departments, including the folks who did tech support for their anti-virus software. During that time Symantec offered a cash bounty to any techie who brought in a virus 'from the wild' that wasn't covered by the their antivirus software.

    It was common knowledge that many of these 'wild' viruses were actually, in fact, written by the support staff themselves in order to collect on the bounty. But Symantec didn't care because this just allowed them to enlarge their virus definition file and show their customers why it was important to subscribe to their update service. From my point of view it was a "wink, wink, nudge, nudge" sort of thing.

    This was one of just many things about Symantec which disgusted me so much that after that contract I refused to work with them ever again. I don't know if they still have an update service for their anti-virus software, but it wouldn't surprise me if many of our future 64-bit viruses came directly from employees of Symantec itself.

    It's a great business model: release the viruses, then sell the software that combats those viruses. Unethical and illegal, but a solid money-maker for those who don't care about such trivial things.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?
  10. Lol the general public can't handle OSX by SmallFurryCreature · · Score: 4, Interesting
    The average Apple user I have met isn't a computer whizkid. However there is a huge difference with the unwashed windows hords. The Apple user KNOWS he is a computer moron. Most of them therefore do little things like read the goddamn fucking manual. They are also less likely to be upset about safeguards. (just check with your local emergcency crew, it isn't the 2 left hands doctor who decides to do a bit of DIY who cuts of his thumb. It is the DIYer who think he knows it all and thinks safety catches are for wimps)

    The problem with windows isn't that its users are stupid and don't know shit. The problem is that MS has chosen to encourage these computer morons to feel like they know what they are doing and has given them enough rope to hang themselves with.

    It makes people feel good and gives helpdesk monkeys around the world fulltime employment.

    Remember, virusses, trojans, spyware ARE GOOD for the local economy.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  11. Re:This shows once again by Gary+Destruction · · Score: 2, Interesting

    User base is not as significant as people would think. The main reasons for attacks against an OS are reputation and design.

    Throughout the years, Microsoft has been very lax and carefree about security. Since the 90's, security experts have warned Microsoft about security issues and Microsoft blatantly ignored them. As a result of this negligence, Microsoft had earned a bad reputation.

    Then you get into design and you see unnecessary services running, browser integration, ActiveX/COM with unrestricted access to the system, services listening to anything that speaks including WAN traffic, NetBIOS going over TCP/IP over a WAN by default, file and printer sharing binding to all adapters including those that haven't been selected, Microsoft insisting that personal firewalls are the answer to unnecessary Windows services, etc. The list goes on and on.

    Had Microsoft been more serious about security in the 90's, it would have been a whole different story.

  12. Re:typical by Anonymous Coward · · Score: 0, Interesting

    How are you going to completely eradicate all current rapist and prevent any new ones from popping up in the future?

    No, you can't. So I'm not going to call you flamebait. I'm going to call you a retard since it seems much more appropriate .