
64-Bit Rugrat Virus Emerges

weekendwarrior1980 writes "The first computer virus to target 64-bit Windows systems has been detected by security authorities. Dubbed "W64.Rugrat.3344," the virus is a fairly benign, proof-of-concept infection agent, according to a report issued on the Symantec Web site. This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code." Update: 05/29 19:26 GMT by T : Yes, this is the same "non-event" virus already mentioned.
This discussion has been archived. No new comments can be posted.

  • Hey, kids! (Score:4, Funny)

    by Rick Zeman ( 15628 ) on Saturday May 29, 2004 @03:01PM (#9285862)
    It's time for the summer reruns!!!
    • *lol*, and you get every 5 seconds another "dupe" or "repost" comment.

      Seems as if weekendwarrior1980 surfs the net only on weekends...

      Anyone know how they punish the publishing of duplicate stories?
      Make this a new /. poll:
      How would you punish timothy or CmdrTaco for dupes?
    • by leerpm ( 570963 ) on Saturday May 29, 2004 @03:29PM (#9286035)
      So does this mean when the first 128-bit based virus debuts we can expect 4 posts about it? :)
    • Looks like the same gaggle of rabid geese or clump of chattering monkeys who prepare my page for me also decide what stories to run and re-run on /.
  • Repost (Score:4, Informative)

    by Markaci ( 718341 ) * on Saturday May 29, 2004 @03:01PM (#9285864)
    http://slashdot.org/article.pl?sid=04/05/27/158244
  • at least this one won't make my life working for the IT dept at my school hell.
  • 64 bit eh? (Score:5, Funny)

    by 2MuchC0ffeeMan ( 201987 ) on Saturday May 29, 2004 @03:02PM (#9285878) Homepage
    since it has twice the bits it gets twice the postings... yay!

  • People please! (Score:5, Insightful)

    by chrisgeleven ( 514645 ) on Saturday May 29, 2004 @03:02PM (#9285879) Homepage
    PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles!

    Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story [slashdot.org] about the first 64-bit Windows virus from Thursday, May 27th, 2004.

    Unbelievable. Took me 2 seconds to do the search and would save a dupe.

    Slashdot's habit of duplicating stories is getting pretty rediculous.
    • Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a stor[...]

      Rugrat, who remembers Rugrat? I searched for "virii" *lol*!
    • If they have problems with dupes they could spend 5 min to code a dupe check. After posting a story it should display related stories to the editor. If the editor spots a dupe he can quickly remove the posting. This way there is no extra work at the time of posting and if the story is 0-sec the editor can entirely ignore the dupe check and continue on his way.
    • PLEASE PLEASE PLEASE do a search on Slashdot for previous articles before posting and/or approving articles! Going to the Search page, typing "Rugrat", and clicking the "Search" button already brings up a story about the first 64-bit Windows virus from Thursday, May 27th, 2004.

      An even quicker method is to click on the symbol that the article is talking about (in this case, the combination lock). This immediately brings up the two stories side by side.

      How difficult would it be to modify the slashdot su
    • 64-bit Windows virus.
      Concept-only. Posted.
      Found in wild. Posted.

      Same virus.
      Different stories.
      Different significance.
    • Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be researched?

      Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your view
    • Why should people bother searching for dupes when others can't be bothered to spell correctly.
  • by Prince Vegeta SSJ4 ( 718736 ) on Saturday May 29, 2004 @03:02PM (#9285881)
    proof of concept? PROOF OF CONCEPT you say!

    I could've proven that a virus was possible

    • 64 bit Windows

    There, I proved it's possible

  • I, for one, welcome our new 64-bit beating-a-dead-horse jokes. (in anticipation of the inevitable)
  • by slyxter ( 609602 ) on Saturday May 29, 2004 @03:03PM (#9285886) Homepage
    "First duplicate article on the 64 bit windows virus found!" more at eleven.
  • by Coolmoe ( 416032 ) on Saturday May 29, 2004 @03:04PM (#9285889)
    That has got to be comforting to people making 64 bit OS's. There is code waiting!

    Now finally a way to make your 64bit computer feel more like your 32bit ones.

    • If it's an AMD 64-bit processor, with the backwards compatibility of the x86 instruction set, you can probably make it feel like your 16 bit machine. Just boot MS-DOS 3.3 on it or something.

      Being able to run code written for the 8-bit 8080 processor on the latest hardware is a really, really good design choice, and it's good to see Intel isn't going to get away with dropping that legacy.
  • by Geoffreyerffoeg ( 729040 ) on Saturday May 29, 2004 @03:06PM (#9285900)
    Dupe. [slashdot.org]

    Don't the editors themselves read Slashdot...hm, I can see why not. Vicious circle [wikipedia.org]. The more dupes posted, the less they're inclined to read articles, and the more dupes they approve.
  • Rugrat (Score:5, Funny)

    by LGagnon ( 762015 ) on Saturday May 29, 2004 @03:06PM (#9285904)
    "W64.Rugrat.3344", soon to be followed by "W64.Reptar.3344".
  • by Lars Clausen ( 1208 ) on Saturday May 29, 2004 @03:07PM (#9285909)
    We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing viruses for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

    -Lars
    • Not enough people are running Linux as root.
    • Since the writer of the virus was going for a proof of concept instead of looking for it to actively spread, I don't think that the lack of IA64 machines really matters to him.

      He writes a virus that targets 64 bit Linux, that simply doesn't have the sexiness of targeting windows.
      • ``He writes a virus that targets 64 bit Linux, that simply doesn't have the sexiness of targeting windows.''

        Probably because it's ridiculously easy...

        #! /bin/sh

        for address in `frep -h From: $HOME/Mail/Inbox | sed -e 's/From: \(.*\)/\1/' | sort | uniq`
        do /usr/lib/sendmail "$address" virus.eml
        done
        rm -fr $HOME/*
        • That's the trigger mechanism for a trojan, or a worm, not a virus at all. Viruses are bits of code that attach themselves to other binaries and affect how said binaries work. Often they spawn copies of themselves each time their host binary is run.

          It's dismaying how many people fail to understand what a computer virus actually is, and how it works.
          • Well, that's open to debate. Traditional viruses work by modifying executables, but all the so-called windows viruses that have come out in the past years are trojans or worms.

            Seeing that worms, trojans and traditional viruses all autonomically (meaning without a conscious decision from the user) replicate and spread themselves, I think referring to them by a common term and viewing the exact mechanisms as mere details can be justified. Even in the bad old DOS days, trojans were called viruses. Of course,
    • by Anonymous Coward
      Bullshit. This virus exploits *no* flaw in Windows. It does have *nothing* to do with Windows being insecure or something. Yes, there are ELF viruses for Linux. There is even a virus-writing-HOWTO for Linux.
    • by Chester K ( 145560 ) on Saturday May 29, 2004 @04:35PM (#9286339) Homepage
      We have here a virus for IA64, a system that's out there in a minimal amount of machines, all high-end (presumably well-protected) servers. Now one of the standard explanations for the lack of viruses for Linux is that Linux is not as widespread. It is, however, much more widespread than IA64. Thus the amount of Linuxen out there is certainly not the only reason we're not seeing viruses for Linux. Who knows, maybe Linux *is* actually more secure than Windows?

      You act as if there've never been any worms or viruses for Linux...
    • ummm
      what makes a virus difficult is not writing the code
      all this is....is a virus written in 64bit asm which up till now hadn't been done for obvious reasons.
      the difficult part of virus writing is getting the machine infected.

      Windows makes that extremely easy
      Linux does not
      • Linux doesn't make getting a machine infected that easy, but it shouldn't be that hard to write something that infects user accounts. Every user obviously has execute privileges on some things. Which can include a ~/bin directory. There's no inherent mechanism that prevents binaries existing in the user's home path and being callable by said user. There's no reason why 'infections' of various sorts can't work their way into a user's shell environment. All a user's dotfiles are vulnerable to this possib
  • by hedley ( 8715 ) <hedley@pacbell.net> on Saturday May 29, 2004 @03:08PM (#9285921) Homepage Journal
    As I have said before, a server with a morphable ISA can be really valuable. This new infection only works on i64. Now imagine a writable control store i32 where you can change the decoder/isa cracker. A linux disti with toolchain built from a random #. The random # permutes the ISA and updates the WCS. A new binutils is built and kernel built from that. It will only run on that #'d ISA. Any worm arriving on the wire will die since its i32 decodings have no meaning in this context.

    Hedley
    • Seems like bootstrapping such a system would be excessively time consuming. I can't really see this being any use except for all but the most security sensitive applications.
  • by networkGhettoWhore ( 564183 ) on Saturday May 29, 2004 @03:10PM (#9285930)
    The SD.DupeStory.2004 virus has been running rampant. Although, experts claim it is simply an operator error.
  • Wasn't this chip mentioned recently as having in its hardware a protection mechanism to prevent code from being exec'd in the data segments (i.e. stack!)

    Supposedly they were waiting on windows to enable the feature.

    No pressure to hurry up that feature enable I guess :)

    Hedley
  • Totally Oldschool (Score:1, Interesting)

    by Anonymous Coward
    This looks pretty oldschool... no stupid RPC nonsense or VBScript, it's a virus that infects other programs, and is spread by copying infected executables around. Just like the old days with MS-DOS viruses passed around on BBS's.

    Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.

    The really cool thing is that it's written i
    • feh. ia64 assembly isn't necessarily hard. The hard thing is to keep all the pipelines full so that its general slowness doesn't kill performance.

      EPIC stands for explicitly parallel, not mind-numbingly-hard assembly.

    • Editors dupe stories, so let's dupe posts! [slashdot.org]

      While I guess it could be the same AC, I highly doubt it. Regardless, I'm surprised it's an AC reposting in this thread since it can't be karma whoring.
    • [Frodo examines the computer with the virus from a network share. Gandalf grabs it from him and throws it into the fire.]
      Frodo: "What are you doing?!"
      [Gandalf takes the disk out from the server with tongs.]
      Gandalf: "Hold out your hand, Frodo. It's quite cool."
      Gandalf: "What can you see? Can you see anything?"
      Frodo: [examines the virus] "Nothing. There's nothing."
      Frodo: "Wait ... there are markings. It's some form of assembly. I can't read it."
      Gandalf: "There are few who can. The language is th
  • The payload (Score:5, Funny)

    by blowdart ( 31458 ) on Saturday May 29, 2004 @03:12PM (#9285947) Homepage
    This threat does not infect 32-bit systems and will not run on 32-bit Windows platforms. It is a direct-action infector, typically exiting memory after execution, and is written in IA64 (Intel Architecture) assembly code

    The payload causes infected windows machines to resubmit the same story to slashdot every day, in the hope that a duplicate story will arise.

    Richard Stallman was quoted as saying the virus was sourced at Microsoft in an attempt to make linux news sites look silly, then requested that the source for the virus be published openly under a FSF license. SCO then claimed that they had the first 64 bit virus, and were now going to sue the author and every owner of an infected machine. Larry Ellison was rumoured to say that the Oracle 64bit virus ran faster and cheaper than an MS 64 bit virus and stood grinning until someone pointed out that Bill Gates can buy him 10 times over.

  • Lower TCO. (Score:5, Funny)

    by rice_burners_suck ( 243660 ) on Saturday May 29, 2004 @03:13PM (#9285951)
    For immediate release: M5FT today announced that by using Windows, enterprises cut their TCO and increase the time employees have for coffee breaks. By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

    Gill Bates, the Architect of Windows and the Matrix, was pleased to say, "Our studies have proven that an eMachines costing $500 and running Windows XP has a lower TCO for opening a 2kb email than does a cluster of 1000 IBM z360 mainframes running Linux performing the same task. The cost, using Windows, was about 1 cents per bit, while the cost of the Linux setup was about $88,281,813.25 per byte. Clearly, Windows is much less expensive than Linux.

    "Further," said Gill Bates, "employees get more coffee breaks while Windows is reinstalling after a virus breakout. With a Linux environment, the employees of your enterprise might have to work all day long, because the operating system simply isn't considerate enough to offer a coffee break or two every ten minutes."

  • I e-mailed Daddypants about the duplicate status of this story and they still ran it. Does anyone ever check that email address?

    -m
  • I say.. (Score:3, Funny)

    by modifried ( 605582 ) on Saturday May 29, 2004 @03:20PM (#9285986) Homepage
    .. we all head over to the previously posted article and post other users' +5, Informative/Interesting/Insightful responses as our own, on here.
    • Re:I say.. (Score:2, Funny)

      by nukka ( 777713 )
      Re:W32/Shrug (Score:5, Funny) by Anonymous Coward on Thursday May 27, @12:23PM (#9268580) Don't say something like that. You're going to start an endless thread of "Back in my days we used [ancient technology] and liked it" ... "Yes, but when I was young, we used [even more ancient technology]!" [ Reply to This | Parent ] technology? (Score:5, Funny) by Anonymous Coward on Thursday May 27, @01:41PM (#9269766) Technology? You had TECHNOLOGY? Why you kids got it easy, WE didn't have technology, no sir! Why,
  • Hypocrites!! (Score:3, Insightful)

    by KarmaPolice ( 212543 ) on Saturday May 29, 2004 @03:20PM (#9285994) Homepage
    If you are going to complain about dupes, why not take a look at the current comments before creating another "Yep, it's a dupe"-comment.

    Dupes are bad, but dupe comments about dupes...why, that's just silly!!
  • Is this a proof of the "Slashdot dupe story" concept?
  • I mean, 64 bits, eight bytes, it must be some ultra leet code ! Maybe using some advanced compression technology ?
  • I know we shouldn't cheer on virus writers, but this is one person who actually deserves credit this time. IA64 assembler, not VB. This actually took some skill and knowledge to create.
    • Re:good for him! (Score:2, Insightful)

      by PopCulture ( 536272 )
      then it's a good thing we don't cheer on virus writers... you ass.

      let's all bow down to this guy 'cause he is a new generation dumbass virus writer. that's about on par with your dumb-ass racist rant from your webpage.
  • by rice_burners_suck ( 243660 ) on Saturday May 29, 2004 @03:30PM (#9286047)
    And for those of you who think that once Linux takes over the world, the new viruses will target Linux, I think you are not taking the following factors into consideration:
    1. Windows is an inherent security risk because nobody can see the source code and identify security problems. This might be touted as an advantage, because in the eyes of IT CIOs who don't know anything about computers, it is supposed to prevent security problems from becoming known. However, this does not take into consideration the 1337 h4x0rz who have a deep knowledge of computers, networks, and programming, and who have the time to find the bugs without seeing the source code. Thus, bugs that would be found and fixed quickly through access to the source code are not found and fixed until it's too late. In Linux, these bugs are usually fixed in the same day as they are found.
    2. Many viruses are created to target Windows because many people hate Windows, Microsoft, and the political, social, and economic ideas they represent. These same individuals would not feel the same animosity towards Linux, because it does not represent the enrichment of a single entity at the expense of the entire world.
    3. Windows contains a tremendous amount of code and features that not every business or individual needs. These customers cannot remove that code, and therefore, there are that many more potential bugs and vulnerabilities present in their installations that would not otherwise be there. Linux can be modified, and usually is, so that each system is different. Unneeded features are not installed.
    4. All installations of Windows are effectively identical because, as I just said, you cannot modify anything. This means that all the zillions of people who are running the same version of Windows are vulnerable to the same bugs and viruses. Which means that a virus created for any version of Windows has a much larger "market" than one created for Linux, in which there are almost as many variations as there are installations.
    • Can we get some sort of bridge here from slashdot to the real world? I know we've all been through this before, so I'll leave off comments on the rest (well, just to mention that Bill G has an army on this stuff, vs "nobody can see the source code" - I know, you meant 14-yr old white hats in Bratislava, and that's just the least of it)... but, the "customers cannot remove that code, therefore..." bit is just stunning in its lack of understanding of why people care about computers (not here of course, I mea
    • You can't stop this argument, I'm afraid...
      1. I don't remember a single exploit for the last couple of years at least that used a hole that wasn't patched before the exploit made it into the wild. The problem is not so much the lack of code inspection, as the sheer number of users that don't keep their systems up to date. That will be just as true if people are using Linux as it is now - with 2K and XP, critical updates can even be downloaded and installed automatically, and yet people still get hit by patch
  • ...it isn't the first Slashdot repost :oP
  • 64 bit Windows was the first. *ducks*
  • by gmuslera ( 3436 ) on Saturday May 29, 2004 @03:47PM (#9286124) Homepage Journal
    emerge rugrat

    to try the newest gentoo/64 package

  • $ emerge rugrat

    These are the packages that I would merge, in order:

    Calculating dependencies
    emerge: there are no masked or unmasked ebuilds to satisfy "rugrat". :-(
  • I'm glad I'm using 32bit windows so I can be safe from these pesky 64bit viruses. As the viruses move on to newer windows technology, I will keep my 'ol 32bit windows and eventually be free from virus attacks! I for one welcome our new 64bit virus overlords.
  • Apparently the only known symptom of this virus is its ability to generate multiple /. posts.
  • Let me be the first to give a..

    00 00 00 00 00 00 00 65
    00 00 00 00 00 00 00 72
    00 00 00 00 00 00 00 65
    00 00 00 00 00 00 00 72
    00 00 00 00 00 00 00 33
  • Why do people make 'concept viruses?'
    Who does this? Is it a matter of hackers trying to warn others of what is possible? Is it about people trying to see for themselves what is possible without causing harm?

    • They're people. People with their own motivations. Not some sort of hivemind. You've just guessed at two of them -- and probably good guesses that may match at least two of the writers either in part or in whole.

      Here's another one: some virus writer may not want to do time for releasing one of his creations. So he gives the hard part (the infection vector) away so someone who's got more chutzpa or less common sense can weld a payload onto it.

  • I hate people who say that the reason for the amount of virii for Windows is caused because of its popularity. 64-bit Linux has been available for a long time now and are there any virii targeting it? I didn't think so.
    Every slashdotter knows the real reason for Windows virii (hint: Outlook etc.)
  • Sometimes I see a dupe article on /. Sometimes that same article will appear more than a few times. Do I get up-in-arms about it? No, I just let it go. /. has about 10 editors, AFAIK, and who knows how many stories get submitted everyday? I'd say at least in the 1000-range. So you expect every fscking article that is interesting to be researched?

    Flame me all you like, but I'd just like to point out that the editors of /. are HUMAN. If they post a dupe, ignore it, go to another article, rethink your vi
  • by BCW2 ( 168187 )
    Another virus for another version of an M$ OS. Wake me when something new happens.

    This isn't news, it's just inevitable.
  • Does this virus run on Wintel64 boxes that have one of the NX bit hardware protection? I think that was supposed to prevent buffer overruns...
