First 64-bit Windows Virus Spotted

Both Symantec and Network Associates have captured samples of Rugrat.3344, a virus that uses Thread Local Storage structures within the operating system to execute itself, "an unusual method of executing code," according to Symantec.

Antivirus firms were quick to point out that Rugrat is not spreading, but is actually what's called a "proof-of-concept virus," malware designed to demonstrate vulnerabilities and the ability to mount an attack. It doesn't spread from machine to machine, like a true worm.

Rugrat infects IA64 (Intel Architecture 64) executables and files in the same folder that contain the virus, as well as that folder's associated subfolders.

Both Symantec and Network Associates suspect that the author of Rugrat is the same individual who crafted other proof-of-concept viruses in the Chiton family. Six variations of Chiton have been discovered so far, each of which demonstrates a new vulnerability within Windows.

The Chiton series includes groundbreaking viruses such as Gemini, which was the first to run two instances of itself simultaneously to prevent elimination, and OU812, the first to use the language .dll support in Microsoft Visual Basic files to execute the code.

Because 64-bit Windows is relatively scarce, both Symantec and Network Associates ranked Rugrat as a low-level threat. Symantec, for instance, pegged it as a "1" in its 1 through 5 scale, while Network Associates labeled it as "Low."

Rugrat cannot infect 32-bit versions of Windows, such as XP, 2000, NT or 9x, but Symantec did warn that it could infect 32-bit systems using 64-bit simulation software.

*This story courtesy of Techweb.com.