First 64-bit virus identified

Symantec Canada has just analyzed the first known 64-bit malicious threat. The virus, called W64.Rugrat.3344, is a “proof-of-concept” virus and is not spreading in the wild, although it is the first known threat to attack 64-bit Windows executables successfully. The threat does not infect 32-bit executables and will not run on 32-bit Windows platforms. It only targets Win64-bit systems.

W64.Rugrat.3344 is a direct-action infector that exits memory after execution. Written in IA64 (Intel Architecture) assembly code, it infects IA64 executable files excluding .dll files. It infects files that are in the same folder as the virus as well as all files within the subfolders.

Leave a Reply