Kaspersky warns of cross-platform virus proof of concept
It can infect both Windows and Linux systems
Computerworld - Kaspersky Labs is reporting a new proof-of-concept virus capable of infecting both Windows and Linux systems.
The cross-platform virus is relatively simple and appears to have a low impact, according to Kaspersky. Even so, it could be a sign that virus writers are beginning to research ways of writing new code capable of infecting multiple platforms, said Shane Coursen, senior technical consultant at Kaspersky.
In a note on its Web site, the SANS Internet Storm Center (ISC) in Bethesda, Md,. said the new virus is a sign the cross-platform aspects are becoming important. As the developers of viruses continue to research this, we will see more cross-platform malware come about in the future.
The new virus, which Kaspersky calls Virus.Linux.Bi.a/Virus.Win32.Bi.a, is written in assembler and infects only those files in the current directory. However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows, Kaspersky said.
It isnt surprising that we are seeing a multiplatform virus, given the growing popularity of Linux on enterprise desktops, Coursen said. This is simply proof-of-concept code to show this kind of thing can be done.
The new virus shows that malicious hackers may be exploring ways of getting new systems into bot networks, according to Johannes Ullrich, chief technology officer at the SANS ISC. But crafting such multi-platform malware is not particularly easy, he said.
Writing a cross-platform worm is difficult because it limits you to functions that are available on both operating systems, Ullrich said. You have to also code the virus in assembly to make it work without relying on any OS-specific function, he said.
The relatively small number of systems running on non-Windows platforms also makes it less appealing for hackers to go to the trouble of crafting cross-platform viruses, he said.
Though rare, this is not the first instance of such a virus appearing in the wild. In 2001, the sadmind/ISS worm exploited a hole in Sun Microsystems Inc.s Solaris to infect systems running vulnerable versions of the operating system. Infected systems then scanned for and attacked servers running Microsoft Corp.s IIS Web server software. That same year, another proof-of-concept virus named Winux infected both Windows and Linux systems.
Even today, Web sites sending exploits to their visitors tend to detect what browser/platform the visitor is using and send a matching exploit to install some malware, SANS said in its note.
Its important for enterprises to be aware of such issues and implement anti-virus tools for protecting non-Windows operating systems if they havent done so already, Ullrich said.
For those thinking their pet computer is invulnerable to the virus threat -- its not, SANS said.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Reducing the Cost and Complexity of Web Vulnerability Management
- Hackers and cybercriminals are constantly refining their attacks and targets; which means you need agile tools to stay ahead of them.
Download this... - Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Malware and Vulnerabilities White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Malware and Vulnerabilities Webcasts