Cross Platform Win32/Linux Virus

Status
Not open for further replies.
Phantasm66

Phantasm66

Posts: 4,909   +8
Win32/Linux Cross-Platform Virus


An Anonymous Coward writes "Symantec reports on the first virus to infect both ELF and PE binaries on Linux and Win32. "The first Win32/Linux cross-infector, {Win32,Linux}/Peelf, uses two separate routines to carry out the infection on PE and ELF files. This variant of Simile shares a substantial amount of code between the two infection functions, such as the polymorphic/metamorphic engines, the only platform-specific parts being the directory traversal code and the API usage.""
Click to expand...
source: http://slashdot.org/articles/02/06/02/1749237.shtml?tid=99

Linux.Simile

Win32,Linux}/Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It is the first known polymorphic metamorphic virus to infect under both Windows and Linux. The virus contains no destructive payload, but infected files may display messages on certain dates. It is the fourth variant of the Simile family. This variant introduces a new infection mechanism on Intel Linux platforms, infecting 32-bit ELF files (a standard Unix binary format). The virus infects Portable Executable (PE) files as well as ELFs on both Linux and Win32 systems. So far Symantec has not received any submissions of this virus from customers.

NOTE: The {Win32,Linux} reference follows the CARO (Computer Anti-virus Researchers Organization) standard naming convention. This is meant to imply that a threat can infect across multiple platforms, Win32 and Linux. Another such example would be {Win32,W97M}.


Also Known As: W32.Simile, {Win32, Linux}/Simile.D, {Win32, Linux}/Etap.D
Type: Virus
Infection Length: variable
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, Linux
Systems Not Affected: Windows, Microsoft IIS, Macintosh, Unix
Click to expand...
source: http://www.symantec.com/avcenter/venc/data/linux.simile.html
 
Quote:

Win32,Linux}/Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It is the first known polymorphic metamorphic virus to infect under both Windows and Linux.

Err so what's that mean in language i can understand ?
 
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, Linux
Systems Not Affected: Windows, Microsoft IIS, Macintosh, Unix
Click to expand...
Glad they've cleared up that Windows is affected, but isn't affected :)
 
Status
Not open for further replies.

Similar threads

I
  • Locked
Inactive Virus or rootkit on Windows and Linux
Replies
9
Views
2K
Broni
Broni
N
Several popular Minecraft mods are infected with Fracturiser malware
Replies
0
Views
611
nanoguy
N
Shawn Knight
3DMark Solar Bay is a cross-platform, ray tracing benchmark for Android and PC
Replies
8
Views
568
Porkous
P

Latest posts

Back