‘Double’ virus threatens PCs running Linux or Windows

Dual-purpose malicious code may be part of new trend

Hackers have released a sample code for a virus that could infect both Linux and Windows PCs.

The virus, which was given the double name Virus.Linux.Bi.a/ Virus.Win32.Bi.a, was reported last week by security firm Kaspersky Lab. Security researchers worry that the malicious code may be part of a disturbing new trend in viruses that can run on Windows as well as other operating systems that have been largely ignored by hackers.

“The virus is written in assembler and is relatively simple,” a Kaspersky representative says. “However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows — ELF and PE format files respectively.”

The ELF (Executable and Linking Format) and PE (Portable Executable) file formats are used to format certain types of binary files in Linux and Windows, including the .exe and .dll files.

The virus appears to have no practical application, says the spokesperson.

“It’s a classic proof-of-concept code, written to show that it is possible to create a cross-platform virus. However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code and adapt it for their own use.”

Security training organisation The SANS Institute agreed with Kaspersky’s assessment, saying that the software should come as a warning to Linux and Mac OS X users who may think their computers are “invulnerable” to virus threats.

“As the developers of viruses continue to research this, we will see [more] cross-platform malware come about in the future,” says SANS Internet Storm Centre contributor, Swa Frantzen.

“Protecting the Linux, Unix and Mac OS X machines with antivirus measures is a good thing to start on now if you haven’t done so already,” he says.

Join the newsletter!

Error: Please check your email address.

Tags LinuxNetworking & Telecomms IDWindows

More about KasperskyKasperskyLinuxSANS InstituteThe SANS Institute

Show Comments

Market Place

[]