Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Cross-Platform Sample Virus Targets Windows, Linux



 By: Ryan Naraine
2006-04-07
Article Rating:starstarstarstarstar / 3


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Virus researchers at Kaspersky Lab find proof-of-concept code for a virus capable of infecting both Windows and Linux systems.

Virus researchers at Kaspersky Lab have found proof-of-concept code for a cross-platform virus capable of infecting both Windows and Linux systems.

In an alert posted to Viruslist, Kaspersky said the sample virus has been given a dual name—Virus.Linux.Bi.a/ Virus.Win32.Bi.a—and highlighted the way attackers are targeting multiple platforms in malware attacks.

"The virus doesnt have any practical application," the company said in the alert. "Its classic proof-of-concept code, written to show that it is possible to create a cross-platform virus."

Could Windows malware infect Mac hardware? Click here to read more.

However, according to Shane Coursen, senior technical consultant at Kaspersky Lab, in Woburn, Mass., its normal to see proof-of-concept code modified and used in actual copycat attacks.

"This is the kind of attack well be seeing in the future," Coursen said in an interview with eWEEK. "We know it can be done and there are obvious reasons why malware writers would want to target multiple operating systems with a single piece of malware."

"Well start seeing viruses attacking Windows with the ability to infect Linux and Mac machines. Its not a stretch to imaging a single virus going across all three platforms and even further," Coursen said.

Resource Library:
According to Kasperskys analysis, the cross-platform virus sample is written in assembler and only infects files in the current directory. "However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows—ELF and PE format files respectively," the alert said.

The virus uses the Kernel32.dll function to infect systems running Win32. It injects its code into the final section and gains control by again changing the entry point, Kaspersky said.

The warning from Kaspersky caught the attention of incident handlers at the SANS ISC (Internet Storm Center), a group of volunteers that tracks malicious activity on the Web.

Ziff Davis Media eSeminars invite: Is your enterprise network truly secure? Join us April 11 at 4 p.m. ET as Akonix demonstrates best practices for neutralizing threats and securing your network.

ISC volunteer Swa Frantzen said the impact of the proof-of-concept code "is very low in itself" but is a sign that the cross-platform aspects of malware are becoming important.

"Even today, Web sites sending exploits to their visitors tend to detect what browser or platform the visitor is using and send a matching exploit to install some malware and earn their quarter for each confirmed installation," Frantzen said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Cross-Platform Sample Virus Targets Windows, Linux
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}v69yDى)RٖۚؖRݣHHbLK{% -۝m'nKX@ B%\:a#rS1>=`G?K$@@izFUe 3JԲ|WR #YȮgtj4{#|6%o;|9|@D%cjA=xkNFzV6'ڈ2z96\3Ѣe' }9B ~533!%>DREQH}"cF-: ;|3*'x8Ѽi/DeOǤ^b&{Ba85;^7n 5{e_ y0vK]K@SѠ*v25v+6^;3ș3z$6d9#';{ ͑w2M| Ӂc)u8r x08ryj5jfML yf_%z(uwKi^_ɷDUJ`Z. I|/ Z@ ͖P OkQҋZ-_  y%_djMOr ])2!,!['3ҺnonN/Nnۭsdo̲5J%~(#3%+%ԩ\uܝݽ\sܵ:w]r޹%gVY3 a Oɟk*Ꟈj O|ix4|kh2`;;RZ:;d:O7-2୛'Sdp*g3E47Q[h,3$BFrV~BX*,>JA͜4o fo NE [- ujgvf%Px۬1 rƒ 4K_S9nZK=0[=RFpƚ\ Дaǘذ 1"% JP$,)|U>EtBA]Su3 .)J!"xA3ˌE !\J!]! g|8Jn΋|?uK󁯚feќ,Ӆ]Wa. o^#L .ϱGVuF7n?]LqJjp.B2iKB0.qjjۛJ(6w_)AbV#Ub(7Z`Lm,5,LtM ӻi0`贎;mB[jI}vi(| I}Ц>Ҹ0MiH'0i} Gͣn]>&tjnXŞ+ P߭gG`IE 6]LRmd;>t)Hh>P0<x0<[衟#]ҽ;:? a=$0.Z- Be^~m ¢8ѵO>ȁ{2'`sDokii1)O.%Ϸ2R}c9>] CRRP$C]HPw9J B!L0H V0(VF􎄰R1iJlRi KgRTD;7 KŔ=*%nqR%a 934YIjL=?躾l1!UGlr`Y \h+|^h)lc Ԩ[6؛ŢRUTIoBk84u03Һ8LM MX3 LSF3pEq<9`G4_m'ȑc=P2Cla} /| `0#c큮6(tsbڰ`DWjm>!4ÃiА4XyĦgZ&5rSF`ߓN86̜07ÚL ~D蹉m>` 4'://ܑ-Ӿ[^O߄V VsA|5 i!׬L <+-Kb*q (>5zS\O΄ō$ ЊO}CٲRb-YV+%fcP*߃akk)T8Xaɶ/^¼xeP4@VRkυ%2=2P, Cx EQ҆}T}Ss . X?ռ\Pe?Ȕes8UKy%_'fڹgK l J;4 HgC~0r( osXSq^i!kg,Sp1hBJeH;~L3 c7,hy&61Sbp=Pz˸Fq,@XĞ\FCǚM\SW˅a0HMw)j|~jN 8|pT'@phZ`0R7*¿4wܱj )ӅY L̆RP՘$GP/#Y% /-0cYzʠlN Q^-DL{ \mrpn\ GZ.&~ni~02y6/|M}굍N0\CКa+30тqV,*I-b[(S<&3aSטD4`Dj ܸ/)epI,_ \À>B SL@rE\ -t[ZpE MabIt,C.էPÍ{c?4]Ef4A@{BRT j%&*ZTpW`rG yWG"MT$p/qf}s}wMiԛFOQQz~g!7ڌeXY1f-1o0+Eu/@Y{s;Wy Ř)ұ)N<:MXH*yUetXܛ 0r>A,Ca&:`LE Ms8gԿG\tiYTWU)&5b34JmBt)D`&~W؇^gm/R9Tƚ" Q3bQX hαGt;bG g g|3cŠ)k+4C 㔁z3MdhHi?oޜ._Qm(}nLZ̺ >~7orF텛+K)K4W po@ȋW!wG:cˤW6nfa`Dh~ϗ3< d&T~#xYRvVlΠ7o NaNm_=*Ua]d WBg&=ԕ~1Adm _BsCd.E;"q&DdkŎr({QF!<$`tRbWa;:l..]>lf#<,Qhn1] ק>qD-ʹTjsnG(.lq)%\.UK+Aekrฦwĭ4O׷/UU1y4*SfDLfЦ厰HzV98$*۳ WLdsdPRvӲK&;bR/\vjZx)(U\ӃE̢*j>wiŏj(Ur_+n$C{eY(N.n$]P*jIIz" :sVȓDQ`Qp&xIHl9l)P`S(s=LaAf<^΀ۍ}u ף~ 6eFZfRvļuZ3Xd;]gm"XvIW8C VS#fGsZ* ՂV_D'ؾEm@(qd:iԣ+ Cutg\D@o0|=kF/$NRAAl+J9SnO;a.reQ@Z:$GY`Q.|aR)U~%ɠK= j ;!9O)I4#/6%wXsdK!O%EDOC~UjgX& 22_c1y~C0 ~WA-1@dE1 7cyI~Zg'7c= SbM2{?RX7w1)Vy'7ڗ!?k[t۽vs\/zQ~ZrXh\S0C~g_IF`·3}|QٷA#(; J@#䆃I]0u](boogg-a>l F;' _9z+y}-}ڹh5rپnI^z΃ 5~xy~}|e4#$ey{hq\1)MF t0S5!麫62lW J_ĥs{ֺ̂sÜI.Dzd_,7Aϐa(zm%1۳}oCS ²VXȬy`|]7$"T]E  k@JA=o8kwo.Si%d:[( `I/Щ c~?OFrA&zRG>ggm3f|+Rt8Dm^_4} y.}y>}4~hW 0NvbAdKF+9ǭI5ڗ.4t8k$ !rz[c.A-H7غN;&c0qJh"[3pu*I hwl)~ڲOm^`e>%';yRb Q'h8W*BrcACp0)4ajcrSrzK"]6GIsPi6n{ GS c znWapϲTta|c|۷#Fg5]{ 6##v2O]zlmD{O,Aa8n;=?PzVKrg WT!_7mX?zxXD3mD1C:#^4?.@ ̯>w I-@A jp?|§G s\#g䜉+~neue'S ]s~oO)+eҽ{k;᧹my3wt33TT{I6$BT5w*lko bYpJuWV2{x`,hgc,nP2QY;pG cémfOpv{ZϲҒ(rK\-"PnZ|W%0.ց<9d/Ah0KY{K !bi4V3YTj69l〙c Zy‡i襖~FgOa|430[gؖrdbLpPfpvn ֔I+y#ĠH=Ӿ3E3` jl+Z0\f>V"?7!c+YT>=b,0eRO^^'G\/_bioر#W.JSgK{1yO)&]zx5pȅ@eFzԧӆ5e>p&{3& x>C9#jtaN'94ETU8u?t[V|NIGMe (<,:ť>UR?[^$O; /|\Ax8=R-S[:G.Y1u}e%<$,4cd2b;9[@=^ );TU36,S,'3!Ĺg7u"?̋렫%f/G,[oh 2Pq 8Vc"Ol ۠oGaZ{2Jɘ~h7YP1>~d"B7eojKCO i|Sŗ5zA9ȹ(N=X(-8 I+J=R?ţ F:ps A ~v%]ZlhI'ЊbG A/fղ/%O)"<alz)1T1a:=՜Lol `>P"H ţ,_0?tM@,rxgs Q}l敵R%$sxK7dOg ' [cY}ZO.XPqjIQ0q$>GP,c'+:tg :K0fKO`$9D1ALk9ԖX9Rn2 a3I $@dYH1+'ZC<%'aolztEҩcP0`0AƠ.=qB(D@!e;b *:%-T^sNg TZDvlN:C> m{iEFMT::V0.t zl:CB'i_B *buk4r3 8~?7W+G˽ű|}K*i<סq F^MݩP}9;*烍3#A&cKpoR{KxIzDaH[Y' iaY%| ݀s> `KDIuuWsbry}&N@s&,1e:R48ʗ0=ԚjFiԗ#pc2d$FV"n؈Z!W`JD|55^ Җߟ5a":H$RhFu_'8|+g=n9m xxKnmQ31_n[ t˟o9Vꌵs#yw@+(aw5_{ހ\ѝt@R j\^5ƘK΢ZV<4D@]_%$/W d 9[%9SX|}[ji$^!_B8e<1,f|!!k(݃Nzj,4>Ú}4.{*/A! $ 9&!bNj$v$@c7n eЙ˧O-L)|KZ6f;lƾE ~#^WUߪ_h$rgy`V2cӲ뿕$ygo1f1Y|Gj KTa!,h"5%^hV0#e cds~t櫇 es^;7>kE_A-8iΞCaY0×qȴ}6 I37}^H#ݍڇݰ9PAgt~eNYl ZMqÜ(oCu&߮[z_[X=$?K9(*9q/^xN)LI|8A$㷈3DCঀ߻:~x?w7\+mēGήnODţݵ⟎Z.lB7oR.qI <@,bH{sRǝdždccYx|]~EiD7i.bg؝ae9Lʜ4>(C^PB^’ M<1Ict1꒚x=  aOjrD,?t$"R.'>rl?QX2xLzm/-IyoY y,6qN"F dѴB.]sI /W#ub?=GutNk-b"]J1x}[=b࿫BZckWesQj5`]_RU BI?MZjA1R9mj˚bfƆX50VzY3nmlzYCjM` oK.қ`(k*1Xpt1XW1儔JzN[E\ L(ZOxEC WEW<00t+P\gզٝ$7xgFugn>VH*كZb+Y75 /Ui_8AnIWi܄ *~ }^NzM .\9TY8'7/|T1/b=-ᰐ#^>x_<MLðhDLRO7]\vD> _s_!߰,VIm{7R[ $y?DD' QbTKrݺ^zm=<XÙ3E}m"7#;&Xz~< BW6 /0蘱> CO 2q ȃwG9–3\vcf+~.Z؟0nh#ķ|$rkqC9҄b&뭻oʑRH8 h0.gj1U%Z&P9 dU _M=_o]&:K% \RA~9 26 mDRPab-OLD:5L[lFLN1o!9 eY_j0:,qH>v7LQ⿟j*!b3wУ4ˑ?A1,@t]\TP*@JP|6XP؟?pk&Hbu~[|`:>"(S[]ă08]q[ cܕѭ6LY%ς l9 :WP g>򽉁0uS; 3sRC´vx X-nB<䱤Pl <'<* MO_zwl꾌Cah),f,TՊR &uU} !2,=VR"[gwy}u^ͲW2VqF̹&JZ!e `xzFgȐp~/Y_Ч6#&X`9f͛OsK"'Mݹ&'¶-r5ut>vn>[7^qnz0cq/楶L۝&,C r~ݼj1;eJq('ړEB*r:xkU94dG_0=4u5{,ڽ Ury1ũ4 /LL7n[n~=Z[AiY/N|v˒We&[ZTmfx9j0S=S܄qP "v[\2Фo%ukה 忮)Mw֔#V ZkOtu9| }C߯PauE;Ӹh.oe5п}^5埠K>v5s_ _ZC+\WkZßWWkez  (XS(ǚ+(ZS{f|A~5@;kY:_:k oּ sw ]_o ~_V>Bu5}}\C;([W{5ݭ\'Ik!(o .^NpN֔25R*X~i]9,הA}VV| JYïeXެsis e_w~ ks\WKM0TntE-+/Y[ʹVq` - {}ys/-#yioRI AQܠIxEó##htoĶ.p&}:=Wvl+Jy.*ܼ}:QO՗XE)9s8W0GfY 1ʛQǒGЬWGz‰n}(Ksҟ˵Oqr`bEi@' @9_Ew[an7+fpKy` +}y緶xvY^]Zj,7-P/IkgecپGh ߒD,q} Kaġ$Л <ʹ}z·^Vq3Nlcm~m>W;u{ݼ4߷C{:'Ku}NoNDV)pF #0߬1zI\0vZ{h~54]N4p97F3 P3ebId@*ZrT)gj'Hd6=8$"2_yYUdJ.'QX,.g /(@#غM{%}C39=q̐ga1V1 !'\Cxkm.r2dof2nQKp^v,P@0~Y8P*`.7K؞;FL$rgMߟbz봍hcƥ 6?{{[0gWډ:dq8pi;Ìs,i8ÏAflk8cXS1wYWw-q~k5 D 9bWM ?3}c_٤+Id b0OF>ಓH_c'cywy&b%b P|_A4oM!fE.08B8L_o%v j#TF\gȌa)gƠ)evm^av;Mă n,='ID/l˦eMf@g^l)V}bNm% 1o)%*kvw[i>ZOe;BI<ş!yqaObx`#Yұ5*5S3m)yir}7 |An[|QڗE@1agG۶fuUҎ_ϒ._ /X)un'|o/)0XPy4wƋrd{GonhQcD%:Ɛ/=-)0^p,\f֓m4` G.ʖ$߁)04o|>zQ[`솧p dtE#b[pkC|R8OEpvRv ?93_Z^Qs9^Bu6٠^|:y-.EOfݍ2R7tlk.!Ү\)V[ǔ  ]'[ڧ3й?m%fHv",{QFbf]ٺ9NRlã ,cWNENE<<Sf}+)VSL_Xџ_P>[Z=H>|E]Oޤ=d'>sHooJO~CL׿Ͼė5:0 ܂aK={'p_Md`{C-`2P]c?e'Q ([P5#{|_% @So^#AWRc@jD9f`?["XӬ+57r\x,tkH1븸rPgIa NZPب z yHN]|WR`D}{jYH |cqFN/eS?H4fwVXb5>2i˺dεޱ++KQu9,J^a?й(Dxp,A-m&:KG+ /V/U>S2)~^|O|Fm1TVSZ~=a0k{%6rǪ=i| oR(c0ܱ/UFk¥7Sf. j3*,aD~) L>1-5? 24[` V##*,R;iܶHsyI./6.f"^U'%㍦nPK"mDŽx^x]FEe7,T_Fja+ !.h-Zw`Y-49X:e4hOb'c` DsdS!ɂE4wEbaNO{_f 'SRIEK.=!ė OK˧Zb,XGt/ 1LG8WX&s Lfd@,o"׎-[\x_ v?X'<~J$Ks Ǧz; |-R -ˬ- tl ̂ Cv,UV<D>Q"Cwv-Fi9G8queni`Bj0g v ޑ,0{El>?7 uZ/{xrƲM%.2˱g5<ƷE2hl&lu3p/ m_=P+ڙ`lD?TlX)zPH;pbGtNi=0I<ˇS*mcNPeoAA„;Wr䏽Z(:?D" +G/H&9M?)WRoB⾥Y;|fFJpxjny0̍ƽg%k.BkH":חosS'*#B]t5<xlLR0$ք$:TɌ;jk;PjgY)s|VЫ3,I3L0lY I\/OЕ嫅J|J8,H5w\H@8~;6E&A5DKeQSif g.Өix0;b <Ḅe*Pd .qeW|!X\S@Dkatɾ>]^t޼j_~:Šӹ=kA0OXY}"ނj̺%{b.6%Ct F*3]B5_WDH|i|gXSfm`ɑR0ol0+C|}̖mJ@Uf̷\SK7++E۔G(wE3KqDOeV&ކe/ao?~7@