Linux.Simile
Win32,Linux}/Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It is the first known polymorphic metamorphic virus to infect under both Windows and Linux. The virus contains no destructive payload, but infected files may display messages on certain dates. It is the fourth variant of the Simile family. This variant introduces a new infection mechanism on Intel Linux platforms, infecting 32-bit ELF files (a standard Unix binary format). The virus infects Portable Executable (PE) files as well as ELFs on both Linux and Win32 systems. So far Symantec has not received any submissions of this virus from customers.
NOTE: The {Win32,Linux} reference follows the CARO (Computer Anti-virus Researchers Organization) standard naming convention. This is meant to imply that a threat can infect across multiple platforms, Win32 and Linux. Another such example would be {Win32,W97M}.
Also Known As: W32.Simile, {Win32, Linux}/Simile.D, {Win32, Linux}/Etap.D
Type: Virus
Infection Length: variable
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, Linux
Systems Not Affected: Windows, Microsoft IIS, Macintosh, Unix