Security threats Toolkit

'Proof of concept' emerges for 64-bit virus

Tags:
Viruses,
Windows,
64-bit,
Developer

Matt Hines CNET News

Published: 28 May 2004 08:55 BST

Security technology company Symantec reported on Thursday that it has analysed what it believes to be the first known threat to 64-bit Windows systems, a virus labelled W64.Rugrat.3344.

Representatives at the company were quick to point out that the threat was merely a so-called proof-of-concept virus -- a worm developed by someone to show that vulnerabilities are present in a particular type of system -- and not a virus already spreading in the wild. However, Oliver Friedrichs, senior manager of Symantec's Security Response Team, said W64.Rugrat.3344 can attack 64-bit Microsoft Windows files successfully. He said the virus does not infect 32-bit files and will not run on 32-bit Windows systems.

Since 64-bit systems have yet to proliferate widely, Symantec maintains that the virus does not yet represent a serious threat.

"We always see early adopters trying to find a way to attack new technology right away, as we did with 32-bit, so it's not surprising to see this," Friedrichs said. "But we do expect to see more of these, as 64-bit technology becomes more prominent."

The 64-bit market is expected to grow rapidly. By the end of next year, most Intel chips, will be 64-bit capable, and virtually all of rival Advanced Micro Devices' processors will be 64-bit chips.

Software titan Microsoft is also pushing the high-end market forward. Earlier this month, chairman Bill Gates asked hardware makers to start writing 64-bit drivers for their software. Among the advantages of 64-bit software is the ability to gracefully accommodate more physical memory than the 4GB limit in 32-bit systems.

Symantec said it was not expecting widespread copycats of W64.Rugrat.3344, since the affected assembly code requires fairly advanced technical knowledge. Symantec said W64.Rugrat.3344 was created in IA64 (Intel Architecture) assembly code and infects IA64 executable files, excluding .dll files. The security specialists reported that W64.Rugrat.3344 also infects files that are in the same folder as the virus, as well as all files within related subfolders.

Symantec is currently updating its Norton AntiVirus product line to protect against W64.Rugrat.3344 and expects to have versions of the software armed to defeat the virus ready by the end of Thursday. The company earmarked the 64-bit virus as a Level 1, or the least dangerous sort of threat ranked on its five-tiered ratings system, but warned users to update their virus protection systems as quickly as possible.

Last week, Symantec announced plans to acquire Brightmail, a maker of tools for blocking spam and viruses, for $370m.

Neither Microsoft nor Intel could immediately be reached for comment.