Hackers continue to experiment with 64-bit viruses

Link: Virus alerts

The Shruggle virus tries to infect Windows Portable Executable (PE) files on AMD systems and is written in AMD 64-bit assembly code. Once on a system it searches for PE files and attaches itself to them.

It is similar in design to Rugrat, the first 64-bit virus. It is not known at this point if the author is the same for both pieces of malicious code.

‘It’s more of a proof of concept and isn’t really a threat,’ said Graham Cluley, Senior Technology Consultant at Sophos.

’32-bit viruses are going to be far more common for a while and there aren’t the 64-bit systems for this to spread one and these viruses have a tougher time spreading than those aimed at 32-bit systems. Perhaps it is a taste of things to come however.’

Shruggle doesn’t infect standard 32-bit systems, but will function on a 32-bit computer running 64-bit emulation software.

Symantec, who discovered the virus, say it was identified on a newsgroup and less than 50 cases have been reported.

Related reading

HMRC banknotes