64-Bit Virus for Windows Uses Odd Method | eWeek

64-Bit Virus for Windows Uses Odd Method

May 27, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Symantec has identified the first virus that successfully infects 64-bit Windows executables, posing the first threat to an operating system that industry observers say is often left without antivirus protection.

W64.Rugrat.3344 is a proof-of-concept virus that infects 64-bit executable files on Windows 64-Bit Edition running on Itanium processors, Symantec Corp. said Thursday. It doesnt require a true 64-bit machine, as it runs successfully on 32-bit computers with 64-bit emulators.

Rugrat is currently not a major threat, largely because 64-bit computers are not in widespread use, and it is not currently spreading in the wild. But it demonstrates that virus writers are keeping up with the latest technology, Symantec said.

/zimages/1/28571.gifClick hereto read more about Rugrat.

Symantec noted that many businesses dont bother to protect their 64-bit Windows installations because they do not believe the systems are vulnerable to viruses. This is no longer the case, the company said.

Itanium is an Intel Corp. server chip designed to exclusively run 64-bit software. Other 64-bit processors include Advanced Micro Devices Inc.s Opteron and Athlon 64, for which Microsoft is developing a 64-bit version of Windows.

The IBM-made G5 processor in newer Macs is also 64-bit capable, though Mac OS X is a 32-bit operating system.

64-bit chips allow software to be processed in larger chunks, theoretically increasing performance for some types of tasks and allowing the processor to address more memory.

/zimages/1/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

“Currently, there isnt a broad penetration of 64-bit systems,” Symantec Security Response senior director Vincent Weafer said in a statement. “Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat.” Symantec has given the virus a Level 1 rating, with Level 5 being the most serious.

Rugrat is a direct-action infector, exiting memory after execution; it infects any file in the same folder as the virus—including all subfolders—and affects all Windows 64-bit executables apart from .DLL files.

The virus has two unusual characteristics, Symantec said. For one, it is written in IA64 assembly code, which requires advanced technical knowledge and makes it unlikely there will be copycat viruses. It also executes using the Thread Local Storage structures.

“This is an unusual method of executing code,” Symantecs Peter Ferrie and Peter Szor wrote in the companys bulletin on the virus.

The Rugrat author also has written several other proof-of-concept viruses, according to the company. Symantec recommends that Windows 64-bit users update their virus definitions to protect against the virus.

/zimages/1/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

/zimages/1/77042.gif

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.