Shruggle virus hits 64-bit Windows

By on

The author of the proof-of-concept Chiton virus family has claimed another first by writing the first virus to attack a Windows 64-bit executable file running on AMD systems.

The Shruggle virus tries to infect 64-bit executables files in the same folder it was run in, and explores sub-folders looking to infect files there. The virus then appends itself to the file, including dll files.

The virus is another proof-of-concept virus by virus writer "Roy G Biv" aimed at showing how the 64-bit version of the operating system is just as prone to attack as its 32-bit brethren. The author normally writes virus code with no malicious payload and then submits his work to anti-virus firms rather than releasing them into the world.

According to researchers at anti-virus firm Symantec, the code looks a lot like previous viruses Rugrat and Shrug and unusually for a virus it is written in AMD 64-bit assembly code rather than a high-level language.

The Rugrat virus was the first virus to attack 64-bit Windows Portable executable files using Thread Local Storage structures to execute the viral code..

http://securityresponse.symantec.com/avcenter/venc/data/w64.shruggle.1318.html

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?