Symantec Nabs AMD64 Windows Virus

Discussion in 'malware problems & news' started by ronjor, Aug 24, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Anti-virus experts have intercepted the first computer virus targeting 64-bit Windows workstations.

    According to an advisory issued by Symantec, W64.Shruggle.1318 is a fairly simple "proof-of-concept" virus programmed to attack 64-bit Windows executables on AMD64 systems.

    Internet news
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Trend Newsletter: W64_SHRUGGLE.A

    W64_SHRUGGLE.A is the second malware discovered that infects 64-bit Windows Portable Executable (PE) files. The first such virus, W64_RUGRAT.A, and this virus are believed to be created by the same author, who calls himself roy g biv. While W64_RUGRAT.A infected 64-bit files running on IA64 (Intel Itanium) processors, this virus is intended to infect PE files running on AMD 64-bit systems. Both of these 64-bit viruses are considered proof-of-concept viruses, meaning the author is probably trying to prove that new systems are susceptible to virus attacks. W64_SHRUGGLE.A is currently spreading in-the-wild, and infecting Windows 64-bit systems.

    Upon execution, this virus searches for target files in the current folder and subfolders. It then infects every 64-bit file (AMD64 only) that it finds. It then passes this file through some filtering criteria, appends its code to the last section of the host file, and then modifies the section as executable. Garbage data may be appended at the end of the virus code to further avoid detection.

    This virus does not infect 32-bit files and does not run on 32-bit processors without software to support AMD64-bit programs. All infected files contain the following signature string: "Shrug - roy g biv".

    If you would like to scan your computer for W64_SHRUGGLE.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    W64_SHRUGGLE.A is detected and cleaned by Trend Micro pattern file 2.163.06 and above.
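
The traits listed in the Trend write-up above (AMD64 PE host, code appended to the last section, that section marked executable, the "Shrug - roy g biv" string) can be checked statically. The Python below is an added example, not part of the original posts or of any vendor tool; the function names, the ASCII encoding of the string and the constructed sample image are assumptions.

```python
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SIGNATURE = b"Shrug - roy g biv"  # string quoted in the post; ASCII encoding assumed

def pe_sections(data):
    """Return (machine, [(name, raw_ptr, raw_size, flags), ...]) or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table, sections = pe_off + 24 + opt_size, []
    for off in range(table, table + 40 * nsec, 40):
        if off + 40 > len(data):
            return None  # truncated section table
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, raw_ptr, raw_size, flags))
    return machine, sections

def shruggle_indicators(data):
    """Report each trait from the write-up as True/False for one file image."""
    parsed = pe_sections(data)
    if parsed is None or not parsed[1]:
        return dict.fromkeys(("amd64_pe", "last_section_executable", "signature"), False)
    machine, sections = parsed
    _, raw_ptr, _, flags = sections[-1]
    return {
        "amd64_pe": machine == IMAGE_FILE_MACHINE_AMD64,
        "last_section_executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
        # Appended code and any trailing garbage sit from the last section onward.
        "signature": SIGNATURE in data[raw_ptr:],
    }

def build_sample(machine, last_flags, tail):
    """Constructed two-section PE image for the demo; headers only, not a real sample."""
    def sec(name, ptr, size, flags):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", size, 0x1000, size, ptr, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, 0, 0x22)
    body = 0x40 + 24 + 2 * 40
    return (dos + coff + sec(b".text", body, 16, 0x60000020)
            + sec(b".reloc", body + 16, len(tail), last_flags) + b"\x90" * 16 + tail)
```

An executable last section on its own also turns up in packed or otherwise unusual benign files, so treat it as a triage signal to weigh together with the string match.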
     