First 64-Bit Windows Virus ArrivesFirst 64-Bit Windows Virus Arrives
The virus, Rugrat.3344, uses Thread Local Storage structures within the operating system to execute itself.
May 28, 2004
Security firms say they've discovered the first virus that targets PCs running 64-bit versions of Microsoft's Windows operating system.
Both Symantec and Network Associates have captured samples of Rugrat.3344, a virus that uses Thread Local Storage structures within the operating system to execute itself, "an unusual method of executing code," according to Symantec. Anti-virus companies are quick to point out that Rugrat isn't spreading, but is actually what's called a "proof-of-concept virus"--malware designed to demonstrate vulnerabilities and the ability to mount an attack. It doesn't spread from machine to machine, like a true worm. Rugrat infects IA-64 (Intel Architecture 64) executables, and also infects files in the same folder that contain the virus, as well as that folder's associated subfolders. Both Symantec and Network Associates suspect that the author of Rugrat is the same individual who crafted other proof-of-concept viruses in the Chiton family. Six variations of Chiton have been discovered so far, each which demonstrates a new vulnerability within Windows. The Chiton series includes groundbreaking viruses such as Gemini, which was the first to run two instances of itself simultaneously to prevent elimination, and OU812, the first to use the language .dll support in Microsoft Visual Basic files to execute the code. Because 64-bit Windows is relatively scarce, both Symantec and Network Associates ranked Rugrat as a low-level threat. Symantec has pegged it as a "1" in its 1 through 5 scale, while Network Associates labeled it as "Low." Rugrat cannot infect 32-bit versions of Windows, such as XP, 2000, NT, or 9x, but Symantec says it could infect 32-bit systems using 64-bit simulation software.
About the Author(s)
You May Also Like