Season's Greetings from Malware Authors

This Christmas, malware authors still seem to be pretty busy spreading malicious code instead of holiday cheer.


Trend Micro today discovered a new virus that infects 64-bit Windows operating systems (AMD64). Detected as W64_ABUL.A, this virus infects 64-bit systems by injecting its code into all executable (.EXE) files on drive C and its subfolders.


To date, W64_ABUL.A is probably the third known file infector to target 64-bit systems, and the second to target the AMD64 platform. The first seen was W64_RUGRAT.A, discovered in May 2004, followed by W64_SHRUGGLE.A, which came out in August 2004. Both of these viruses were considered proof-of-concept viruses created by an author (who calls himself “roy g biv”) to prove that new systems are vulnerable to virus attacks.


Well, that much is true nowadays, and we all know that the current trend is to attack new and different platforms as much as possible for profit.


However, with W64_ABUL.A, it seems the authors of this virus are just out to taunt the AV industry, as you can probably notice in the malware code. This file infector creates the following mutex to mark its presence on a system:



64_absolute by tM & SH,a nice gift for all the AV
community, Marry X.mas to all the AV


Since this file infector targets 64-bit systems, it is not able to infect 32-bit files. It also cannot run on 32-bit processors without software that enables these processors to support 64-bit programs. Clearly, there is no intention to make this virus widespread.
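Because the infector can only use 64-bit executables as hosts, a responder scoping an affected machine can separate AMD64 files from 32-bit ones by reading the PE headers. The following is an added example, not code from Trend Micro or from the malware; the function names and the sample headers are constructed for illustration, and it assumes the infector's hosts are AMD64 PE32+ files.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINES = {0x014C: "x86", 0x8664: "AMD64", 0x0200: "IA64"}
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
FORMATS = {PE32_MAGIC: "PE32", PE32_PLUS_MAGIC: "PE32+"}


def classify_pe(data: bytes) -> str:
    """Return e.g. 'AMD64/PE32+' or 'x86/PE32'; 'not-pe' for malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    # Need signature (4) + file header (20) + optional-header magic (2)
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    arch = MACHINES.get(machine, f"machine-0x{machine:04x}")
    fmt = FORMATS.get(magic, f"magic-0x{magic:04x}")
    return f"{arch}/{fmt}"


def in_scope_for_amd64_infector(data: bytes) -> bool:
    """Assumption: only AMD64 PE32+ files can serve as hosts."""
    return classify_pe(data) == "AMD64/PE32+"


def _stub(machine: int, magic: int) -> bytes:
    """Constructed sample: minimal DOS header, PE signature, file header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x22)
    return dos + b"PE\0\0" + file_hdr + struct.pack("<H", magic)


SAMPLES = {  # constructed headers, not real binaries
    "app64.exe": _stub(0x8664, PE32_PLUS_MAGIC),
    "app32.exe": _stub(0x014C, PE32_MAGIC),
    "itanium.exe": _stub(0x0200, PE32_PLUS_MAGIC),
    "readme.exe": b"plain text renamed to .exe",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_pe(blob), in_scope_for_amd64_infector(blob))
```

On a real host, the same check would be run over the bytes read from each .EXE file, and the AMD64 results compared against known-good hashes.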


Whether it is a warning or just pure mockery, whatever is behind this “holiday greeting”, it shows that malware authors can and will always try to use all available means to spread their malicious code.