- May 26, 2004
- February 13, 2007 12:23:42 PM
Also Known As:
- W64/Rugrat [McAfee]
W64.Rugrat.3344 is a direct-action infector--it exits memory after execution--of IA64 Windows Portable Executable (PE) files. These PE files include most 64-bit Windows programs other than .dlls.
The virus infects files that are in the same folder as the virus and in all subfolders. It is the first known virus for 64-bit Windows, and it uses the Thread Local Storage structures to execute the viral code. This is an unusual method of executing code.
It does not infect 32-bit Portable Executable files, and it will not run on 32-bit Windows platforms. The virus is written in IA64 assembly code.
Note: A true 64-bit computer is not required for this virus, as it can be run on a 32-bit computer that is using 64-bit simulation software.
A minor variant was discovered which is capable of infecting DLL files in addition to EXE files. This sample is the same size as the original and was already detected by the existing W64.Rugrat.3344 and no signature update was necessary.
Antivirus Protection Dates
Initial Rapid Release version May 27, 2004
Latest Rapid Release version September 28, 2010 revision 054
Initial Daily Certified version May 27, 2004
Latest Daily Certified version September 28, 2010 revision 036
Initial Weekly Certified release date May 28, 2004
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Peter Ferrie