Symantec Security Response experts have just analysed the first known 64-bit malicious threat -- W64.Rugrat.3344.
This proof-of-concept virus is NOT spreading in the wild; however, it is the first known threat to attack 64-bit Windows
executables successfully. The threat does not infect 32-bit executables and will not run on 32-bit Windows platforms. It
only targets Win64-bit systems.
W64.Rugrat.3344 exhibits the following characteristics: * It is a direct-action infector -- a threat that exits
memory after execution.
* Written in IA64 (Intel Architecture) assembly code, it infects IA64 executable files excluding .dll files.
* Infects files that are in the same folder as the virus as well as all files within the subfolders.
"Currently, there isn't a broad penetration of 64-bit systems. Most home and business systems deployed today are running
on 32-bit platforms and are not affected by this threat," said Vincent Weafer, senior director of Symantec Security
Response. "At this time, we are not expecting widespread copy cats since assembly code requires advanced technical
knowledge."
W64.Rugrat.3344 is a Level 1 threat (Level 5 being the most severe). Symantec Security Response recommends users to
update their virus definitions to protect against this threat.