Symantec's security response experts have discovered the first proof-of-concept virus targeting AMD64, the W64.Shruggle.1318.
Written in AMD64 assembly code and based on the W32.Shrug virus, W64.Shruggle.1318 is a direct-action file infector, similar to W64.Rugrat.3344, which infects AMD64 Windows Portable Executable files.
W64.Shruggle.1318 searches 64-bit executable files in the folder where the virus was executed and all subfolders. When it finds a 64-bit executable file, the virus appends itself to all but .dll files.
"W64.Shruggle.1318 is a fairly simple proof-of-concept virus. However, it is the first known virus to attack 64-bit Windows executables on AMD64 systems," said Patrick Evans, regional manager at Symantec Africa.
The virus does not infect 32-bit Portable Executable files, and it will not run natively on 32-bit Windows platforms. However, it can be run on a 32-bit computer that is using 64-bit simulation software.
AMD began shipping AMD Athlon 64 desktop and notebook processors in September 2003 and AMD Opteron processors for servers and workstations in April 2003.
Written by Computing SA staff