- 27 May 2004 17:24
Symantec Security Response Analyses The First Known 64-bit Malicious Threat Known As W64.Rugrat.3344
Symantec Security Response experts have just analysed the first known 64-bit malicious threat -- W64.Rugrat.3344. This proof-of-concept virus is NOT spreading in the wild; however, it is the first known threat to attack 64-bit Windows executables successfully. The threat does not infect 32-bit executables and will not run on 32-bit Windows platforms. It only targets Win64-bit systems.
W64.Rugrat.3344 exhibits the following characteristics: It is a direct-action infector -- a threat that exits memory after execution. Written in IA64 (Intel Architecture) assembly code, it infects IA64 executable files excluding .dll files. Infects files that are in the same folder as the virus as well as all files within the subfolders.
"Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response. "At this time, we are not expecting widespread copy cats since assembly code requires advanced technical knowledge."
W64.Rugrat.3344 is a Level 1 threat (Level 5 being the most severe). Symantec Security Response recommends users to update their virus definitions to protect against this threat.
If you would like to speak with a Symantec security expert, please contact:
Antoinette Trovato Symantec Australia/New Zealand Phone: 02-8879-1173 Mobile: 0408-495-337 Email: email@example.com
Debbie Sassine/Renee Bushnell Spectrum Communications Phone: 02-9954-3299 Mobile: 0405-735-323 Email: firstname.lastname@example.org or email@example.com