First 64-Bit Windows Virus Arrives - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

First 64-Bit Windows Virus Arrives

The virus, Rugrat.3344, uses Thread Local Storage structures within the operating system to execute itself.

Security firms say they've discovered the first virus that targets PCs running 64-bit versions of Microsoft's Windows operating system.

Both Symantec and Network Associates have captured samples of Rugrat.3344, a virus that uses Thread Local Storage structures within the operating system to execute itself, "an unusual method of executing code," according to Symantec.

Anti-virus companies are quick to point out that Rugrat isn't spreading, but is actually what's called a "proof-of-concept virus"--malware designed to demonstrate vulnerabilities and the ability to mount an attack. It doesn't spread from machine to machine, like a true worm.

Rugrat infects IA-64 (Intel Architecture 64) executables, and also infects files in the same folder that contain the virus, as well as that folder's associated subfolders.

Both Symantec and Network Associates suspect that the author of Rugrat is the same individual who crafted other proof-of-concept viruses in the Chiton family. Six variations of Chiton have been discovered so far, each which demonstrates a new vulnerability within Windows.

The Chiton series includes groundbreaking viruses such as Gemini, which was the first to run two instances of itself simultaneously to prevent elimination, and OU812, the first to use the language .dll support in Microsoft Visual Basic files to execute the code.

Because 64-bit Windows is relatively scarce, both Symantec and Network Associates ranked Rugrat as a low-level threat. Symantec has pegged it as a "1" in its 1 through 5 scale, while Network Associates labeled it as "Low."

Rugrat cannot infect 32-bit versions of Windows, such as XP, 2000, NT, or 9x, but Symantec says it could infect 32-bit systems using 64-bit simulation software.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll