First 64-Bit Windows Virus Arrives - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

First 64-Bit Windows Virus Arrives

The virus, Rugrat.3344, uses Thread Local Storage structures within the operating system to execute itself.

Security firms say they've discovered the first virus that targets PCs running 64-bit versions of Microsoft's Windows operating system.

Both Symantec and Network Associates have captured samples of Rugrat.3344, a virus that uses Thread Local Storage structures within the operating system to execute itself, "an unusual method of executing code," according to Symantec.

Anti-virus companies are quick to point out that Rugrat isn't spreading, but is actually what's called a "proof-of-concept virus"--malware designed to demonstrate vulnerabilities and the ability to mount an attack. It doesn't spread from machine to machine, like a true worm.

Rugrat infects IA-64 (Intel Architecture 64) executables, and also infects files in the same folder that contain the virus, as well as that folder's associated subfolders.

Both Symantec and Network Associates suspect that the author of Rugrat is the same individual who crafted other proof-of-concept viruses in the Chiton family. Six variations of Chiton have been discovered so far, each which demonstrates a new vulnerability within Windows.

The Chiton series includes groundbreaking viruses such as Gemini, which was the first to run two instances of itself simultaneously to prevent elimination, and OU812, the first to use the language .dll support in Microsoft Visual Basic files to execute the code.

Because 64-bit Windows is relatively scarce, both Symantec and Network Associates ranked Rugrat as a low-level threat. Symantec has pegged it as a "1" in its 1 through 5 scale, while Network Associates labeled it as "Low."

Rugrat cannot infect 32-bit versions of Windows, such as XP, 2000, NT, or 9x, but Symantec says it could infect 32-bit systems using 64-bit simulation software.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll