First 64-Bit Malware for Windows Appears

The proof-of-concept threat is not spreading in the wild, and it only affects 64-bit Windows systems.

Symantec Security Response has revealed that it has analyzed the first 64-bit Windows attack code.

The attack is a proof of concept with no payload. Named W64.Rugrat.3344 by Symantec, its very old-fashioned in technique. When executed it infects all 64-bit executable files, excluding .DLL files, in the directory from which it was executed, and all subdirectories, and then exits.

28571.gif

Rugrat will not execute on conventional 32-bit Windows systems nor will it infect 32-bit Windows executables. The worm is written in Intel Corp. 64-bit assembly language.

"Currently, there isnt a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security Response. "At this time, we are not expecting widespread copycats, since assembly code requires advanced technical knowledge."

28571.gif

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

77042.gif

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page