Symantec Security Response has revealed that it has analyzed the first 64-bit Windows attack code.
The attack is a proof of concept with no payload. Named W64.Rugrat.3344 by Symantec, it's very old-fashioned in technique. When executed, it infects all 64-bit executable files, excluding .DLL files, in the directory from which it was executed and in all subdirectories, and then exits.
Rugrat will not execute on conventional 32-bit Windows systems, nor will it infect 32-bit Windows executables. The worm is written in Intel Corp. 64-bit assembly language.
“Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running on 32-bit platforms and are not affected by this threat,” said Vincent Weafer, senior director of Symantec Security Response. “At this time, we are not expecting widespread copycats, since assembly code requires advanced technical knowledge.”