The virus, dubbed W64.Shruggle by Symantec, seems mainly to be an experiment to test the concept of a 64-bit infecter and is not actively spread, said Alfred Huger, senior director of security at Symantec.
"The most interesting thing about this is that virus writers are already developing for the 64-bit platform," he said.
Symantec got a copy of the virus from an antivirus newsgroup the company monitors, Huger said. The virus, even if released on the Internet, would not spread, he added, because the Windows software that the program exploits has not yet been released by Microsoft. Some developers are trying out the 64-bit extensions for Windows, but the software is still being tested. The virus will not run on 32-bit versions of Windows, such as Windows 2000 and Windows XP, owned by the vast majority of Microsoft users.
"This is for the future, when this stuff comes out of beta," Huger said.
That a virus for 64-bit Windows has been developed so early is somewhat ironic, since 64-bit processors such as AMD's Opteron have specific features to boost the security of Windows PCs. That protection is targeted at worms and other attacks that, unlike email viruses, are triggered without having to trick users.
While the digital pest is little threat, it does indicate that virus writers are thinking ahead. Such "proof of concept" programs tend to be aimed at identifying vulnerabilities, not exploiting them. Other recent viruses targeted at new platforms include two programs that aimed to infect the Symbian and Windows CE operating systems used by many smart phones.
"They prove that there is a viable threat," Huger said.
Talkback
The DEP or NX enhancements to AMD64 processors and which should be in Intel processors next year, are, as far as I am aware, for buffer overruns and programs trying to illegally execute code which has been hidden in data segments.
If the virus doesn't try and do this, but instead exploits a flaw in Windows, where it doesn't need to execute in data space, then the DEP or NX extentions don't make any difference, because the code isn't trying to circumvent that particular safety net.
The amount of information given in the article doesn't explain how the virus was written, or whether it has found an exploit in this hardware protection mechanism. Does the virus exploit a buffer overrun which should be protected by DEP/NX?
Bad analogy time ;-) : ABS will help you stop more quickly on a slippery surface and could possibly avoid an accident. But if you don't even attempt to use the brakes, does that make it the ABS's fault that you had an accident? Same thing here, if the virus is not trying to execute code in non-executable memory, then the DEP/NX is not going to help.
Please try and be less alarmist and more informative. If I just wanted scare stories, I'd buy the tabloids, not read what is supposed to be an online news service dedicated to professional IT reporting!