Rugrat 64-bit virus
Rugrat 64-bit virus
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

First 64-bit virus found

'Rugrat', a low-risk direct-action infector with no payload, reported in the wild

Iain Thomson, vnunet.com 28 May 2004
ADVERTISEMENT

The first virus to target 64-bit computers has been found in the wild.

Named W64.Rugrat.3344 by Symantec, the new virus can also run on 32-bit computers that are using 64-bit emulators, but not on 32-bit code.

The limited numbers of 64-bit computers and the relative simplicity of the virus mean it is not much of a threat, but it does use some interesting new methods of transmission.

Symantec has reported fewer than 50 Rugrat cases and it is thought to no longer be spreading.

"Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response, in a statement.

"At this time, we are not expecting widespread copycats since assembly code requires advanced technical knowledge. W64.Rugrat.3344 is a fairly simple proof-of-concept virus."

Written in Intel Architecture 64 assembly code, the virus spreads via Windows Portable Executable files that are used by most Windows 64 applications, except .dlls.

Once established it spreads to files in the same folder and then into subfolders.

The new virus is described as a 'direct-action infector' because it runs, spreads to a new file, and then the originating code shuts down.

The same techniques have been used in six similarly low-risk proof-of-concept viruses aimed at 32-bit systems, known as the W32.Chiton.gen family.

"Direct-action infectors are seldom seen in the wild as they don't spread very fast," said David Emm, senior technical consultant at Kaspersky Labs.

"This is someone turning out a proof using an original, simple virus that has been designed to spread and then cause no further harm, although a payload could be added. It will be interesting to see if there are any copycat follow-ups."

Microsoft and Intel were unavailable for comment at time of going to press.

See also:

Shruggle 64-bit virus
Hackers continue to experiment with 64-bit viruses
Shruggle virus could be 'a taste of things to come', warn experts  27 Aug 2004
Sasser and Netsky
Sasser and Netsky top virus charts
Antivirus researchers report increasing use of variants as hackers adapt code  01 Jun 2004
Security
Security
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Senior C# Agile Web Developer, Online Gaming, London
| Aston Carter
Senior C# Agile Web Developer, Online Gaming, London My Client provides adult customers with high quality gambling and gaming services in an environment that is convenient, entertaining, fair, regulated and secure. My Client is one ... more >
EMC, NetApps, West London, Media
| Aston Carter
EMC, NetApps, West London, Media • NetApps FAS ... more >
Data Analyst / Trafficker / MI Analyst / Information Analyst - Online Gaming Company
| Abraxas
Data Analyst / MI Analyst – Leading Online Gaming Company A Data Analyst / Trafficker is sought by a leading online gaming company. The role encompasses all aspects of online advertising including data handling, communicating ... more >
Power Electronics- Field Applications Engineer-55K Package
| JAM Recruitment
Field Applications Engineer Power Electronics/Supplies Europe/Based Surrey Permanent Position £35-45k Basic+Bonus 10-15%+Car/Car allowance A global organisation involved with the design and development of power supplies actively requires a Field Applications Engineer to strengthen it existing ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Feedback . Contacts
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503