Virus threat not limited to AMD platforms

By on
Virus threat not limited to AMD platforms

Windows, not chips, the target of Bounds virus.

AMD has been quick to deny press reports that its processors are exclusively targeted by a proof-of-concept virus identified last week in a blog posting by security firm Symantec. 

"The virus in question takes advantage of a vulnerability in Windows x86-64, and not anything specific in our processor," said Richard Baker, European channel marketing manager at AMD.

Peter Ferrie, senior security response engineer at Symantec, author of the original alert, has now updated his blog.

"I have posted this blog ... to outline a recent Q&A session that provides more information about my previous blog regarding a new virus affecting the AMD64 platform," he wrote. 

Discovered by Symantec in an online forum for virus writers, the two items of malware, dubbed w32.bounds and w64.bounds, infect systems by tying themselves to Windows executable files.

They have the ability to execute chip-level assembly code, but are not classified as so-called chip-level threats.

They affect all Windows x86-64 architectures, which includes Intel and AMD chips, but not Intel's Itanium IA64. 

"The virus exploits no flaws in the CPUs," wrote Ferrie in his updated blog.

"It is using a designed-in feature of the operating system in a slightly unusual way; however, it completely conforms to the specification.

"In addition, it should be noted that w64.bounds is specific only to the AMD64 style of CPU (which includes the Intel EM64T), as opposed to Intel's Itanium, on which it won't run."

Although potentially dangerous, the malware has not been used to create a widely distributed virus, nor could it, according to Symantec. The virus writers are simply demonstrating their technical prowess.
Copyright ©

Most Read Articles

Log In

|  Forgot your password?