Cross-Platform Virus Emerges

Status
Not open for further replies.

dipdude

The proof-of-concept was submitted to Russian antivirus company Kaspersky Lab. The virus was written in low-level computer code called "assembler."

The security company has dubbed the virus Virus.Linux.Bi.a/Virus.Win32.Bi.a.

Details:

While the virus is capable of infecting files on both Windows and Linux platforms, it only infects files in the current directory. Most importantly, it doesn’t cause any actual harm to infected systems and doesn't self-propagate. It can infect files in the different formats used by Linux and Windows--ELF and PE, respectively, Kaspersky said.

The virus appears to be written by a traditional malware author who is showing off his programming skills rather than creating malware for financial gain, he added. The virus leaves a text string in infected files that refers to the Immortal Riot, an online publication where virus authors between 1993 and 1996 posted proof-of-concept code for viruses.

Especially the ability to infect Linux systems limits the virus in its ability to cause harm. Users need to manually download and open the file to get infected, and since Linux is mostly used on servers, few users on that operating system will get infected.

There would be more gain to be made by going between Windows and OS X rather than Windows and Linux because there are more desktops available on OS X.

Impact:

The code, however, could spark the creation of more cross-platform viruses, he noted, as the virus author has in a sense blazed a new trail.

"This is an advance thing. It's written in an assembler so we know it's written by a programmer, as opposed to a lot of other [malware]. The gauntlet is down. Somebody has proof that they can write a virus for two operating systems."

The virus is a classic proof-of-concept, written to show that it's possible to create a cross-platform virus, Kaspersky said. "However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code and adapt it for their own use," Kaspersky said.

That concern is shared by Swa Frantzen, who tracks incidents at the SANS Internet Storm Center, which monitors network threats. "The impact of the proof-of-concept at this point is very low in itself, but it is a sign the cross-platform aspects are becoming important,"