Primeiro worm "64 bit"

Nemesis11

Power Member
The proof-of-concept threat is not spreading in the wild, and it only affects 64-bit Windows systems.

The attack is a proof of concept with no payload. Named W64.Rugrat.3344 by Symantec, it's very old-fashioned in technique. When executed it infects all 64-bit executable files, excluding .DLL files, in the directory from which it was executed, and all subdirectories, and then exits.

Rugrat will not execute on conventional 32-bit Windows systems nor will it infect 32-bit Windows executables. The worm is written in Intel Corp. 64-bit assembly language.

"Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response. "At this time, we are not expecting widespread copycats, since assembly code requires advanced technical knowledge."

http://www.eweek.com/article2/0,1759,1602191,00.asp
 
"Win64.Rugrat.a

THe very first Win64 virus searches for and infects PE files.

Rugrat adds its code to the bottom of the infected file.

Rugrat does not infect files protected by SFC.

This virus was written by the same coder as Win32.Chiton. The infection method is the same.

Rugrat.a contains errors.

Contains the following text:

Shrug - roy g biv
06/05/04
*4U2NV*"

http://www.viruslist.com/eng/viruslist.html?id=1580242
 
Back
Topo