Symantec Analyses First 64-bit malicious threat
Symantec Security Response experts have just analysed the first known 64-bit malicious threat -- W64.Rugrat.3344.
This proof-of-concept virus is NOT spreading in the wild; however, it is the first known threat to attack 64-bit Windows executables successfully. The threat does not infect 32-bit executables and will not run on 32-bit Windows platforms. It only targets Win64-bit systems.
W64.Rugrat.3344 exhibits the following characteristics: * It is a direct-action infector -- a threat that exits memory after execution.
* Written in IA64 (Intel Architecture) assembly code, it infects IA64 executable files excluding .dll files.
* Infects files that are in the same folder as the virus as well as all files within the subfolders.
"Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response. "At this time, we are not expecting widespread copy cats since assembly code requires advanced technical knowledge."
W64.Rugrat.3344 is a Level
1 threat (Level 5 being the most severe). Symantec Security
Response recommends users to update their virus definitions
to protect against this threat.