Central Command Discovers W32.Winux The First Virus That Can Infect Both Windows And Linux Systems.Business Editors & High-Tech Writers MEDINA, Ohio--(BUSINESS WIRE)--March 27, 2001 Central Command, a leading provider of PC anti-virus software anti-virus software n → Antivirensoftware f and computer security services Security services are state institutions for the provision of intelligence, primarily of a strategic nature, but also including protective security intelligence. Examples include the Security Service (MI5) and the Secret Intelligence Service (MI6) in the United Kingdom, and the , and its partners today announced the discovery of W32.Winux, the world's first cross platform virus capable of infecting computers using both the Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. and Linux operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. . "Today with the discovery of W32.Winux, we have received the world's first known virus capable of spreading on both Windows and Linux computer systems. While people do not share executables between these operating systems, this new proof of concept virus represents a technology innovation that may lead to more destructive viruses in the future. Our Emergency Virus Response Team(TM) discovered this new virus and has analyzed it," said Steven Sundermeier, Product Manager at Central Command Inc.
Details:
Name: Win32.Winux / Linux.Winux
Aliases:
Detection added: March 27, 2001
Spread Method: by infecting files under both Windows and Linux
operating system
Comments: W32.Winux is a non-memory resident virus. It can replicate under Windows 95/98/Me/NT/2000 (Win32) and Linux systems and infects PE files (Windows executable) and ELF files (Linux executable). The infection method is basic. It searches for all files located in current folder and its parent folders and opens every file. If a target file is a PE or ELF executable the appropriate infection routine is called: Win32 infection routine: Infection is done by overwriting Overwriting An options strategy that involves the sale of call or put options on stocks that are believed to be overpriced or underpriced. The options are not expected to be exercised. Notes: Also referred to as overriding. the .reloc section of PE executable. If the .reloc section size is not large enough to hold the virus body, the file is not infected. It uses the following API functions to infect other files: FindFirstFileA, FindNextFileA, FindClose, CreateFileA, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CloseHandle, VirtualAlloc, VirtualFree, WriteFile, SetFilePointer, GetCurrentDirectoryA, SetCurrentDirectoryA Linux infection routine: ELF executables are infected by the overwriting instructions at the entry point. The original code is then stored at the end of ELF executable. When an infected ELF application is executed, the virus code takes control, spreads further and then passes control to the host file. "It is believed to have originated out of the Czech Republic and does not have a destructive payload." concluded Sundermeier. W32.Winux contains internal text strings. It also contains the following text: "(Win32/Linux.Winux) multi-platform virus by Benny/29A" and "This GNU gnu (n  ) or wildebeest (wĭl`dəbēst'), large African antelope, genus Connochaetes. program is covered by GPL See GNU General Public License. 1. GPL - General Purpose Language. 2. GPL - ["A Sample Management Application Program in a Graphical Data-driven Programming language", A.L. Davis et al, Digest of Papers, Compcon Spring 81, Feb 1981, pp. 162-167]. ." Please visit www.avx.com for a complete virus description. AVX Professional starts at $38.95, and a free 30-day trial version may be downloaded from www.avx.com or obtained by contacting Central Command toll-free at 866/2-GET-AVX (866/243-8289). About Central Command: A leader in the anti-virus industry, Central Command, Inc., a privately held company privately held company A firm whose shares are held within a relatively small circle of owners and are not traded publicly. , was founded in 1990 and serves home PC users and industrial, government, financial, education and service firms with virus protection software, services, and information. The company services customers in over 65 countries and is headquartered in Medina, Ohio. Central Command, EVRT EVRT Electronic Variable Response Turbocharging , Emergency Virus Response Team are trademarks of Central Command, Inc. AVX and AntiVirus eXpert are trademarks of Softwin SRL 1. SRL - Bharat Jayaraman. ["Towards a Broader Basis for Logic Programming", B. Jayaraman, TR CS Dept, SUNY Buffalo, 1990]. 2. SRL - Schema Representation language. 3. SRL - Structured Robot Language. C. Blume & W. Jacob, U Karlsruhe. , Romania. All other trademarks, trade names, and products referenced herein are property of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion