Virus.Linux.Bi.a and Virus.Win32.Bi.a

Apr 11, 2006 13:31 GMT

Kaspersky, one of the leading antivirus vendors, recently announced the discovery of a virus able to infect computers running either Linux or Windows.

Because the virus is cross-platform, Kaspersky has given it two names: Virus.Linux.Bi.a and Virus.Win32.Bi.a.

Here's what the Kaspersky experts write on Viruslist.com: "The virus is written in assembler and is relatively simple: it only infects files in the current directory. However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows - ELF and PE format files respectively. To infect ELF files, the virus uses INT 80 system calls and injects its body into the file immediately after the ELF file header and before the ".text" section. This changes the entry point of the original file. Infected files are identified with a 2-byte signature, 7DFBh, at 0Bh. The virus uses the Kernel32.dll function to infect systems running Win32. It injects its code to the final section, and gains control by again changing the entry point. Infected PE files contain the same 2-byte signature as ELF files; the signature is placed in the PE TimeDateStamp header."
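The infection markers in that description are enough for a simple triage check. The sketch below is an added example, not Kaspersky's code: it looks for the 7DFBh signature at offset 0Bh of an ELF file and inside the TimeDateStamp field of a PE file. The byte order of the signature and its position inside the 4-byte TimeDateStamp are not given in the write-up, so the code assumes either order and any position; the function names and sample files are constructed for illustration.

```python
import struct

MARKER_WORD = 0x7DFB  # signature value quoted in the Kaspersky description
# Assumption: on-disk byte order is not stated on the page, so accept both.
MARKERS = (struct.pack("<H", MARKER_WORD), struct.pack(">H", MARKER_WORD))
ELF_MARKER_OFFSET = 0x0B  # offset from the description; lies in e_ident padding

def check_elf(data: bytes) -> bool:
    """True if an ELF image carries the 2-byte marker at offset 0Bh."""
    if len(data) < ELF_MARKER_OFFSET + 2 or data[:4] != b"\x7fELF":
        return False
    return data[ELF_MARKER_OFFSET:ELF_MARKER_OFFSET + 2] in MARKERS

def check_pe(data: bytes) -> bool:
    """True if the COFF TimeDateStamp of a PE image contains the marker."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 12 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return False
    stamp = data[pe_off + 8:pe_off + 12]  # follows Machine and NumberOfSections
    # Assumption: position inside the field is unspecified; test each 2-byte window.
    return any(stamp[i:i + 2] in MARKERS for i in range(3))

def classify(data: bytes) -> str:
    """Label a file image as 'elf-marker', 'pe-marker' or 'clean'."""
    if check_elf(data):
        return "elf-marker"
    if check_pe(data):
        return "pe-marker"
    return "clean"

def sample_elf(marked: bool) -> bytes:
    """Constructed test input: minimal ELF header, optionally marked."""
    ident = bytearray(b"\x7fELF\x01\x01\x01" + bytes(9))  # 16-byte e_ident
    if marked:
        ident[ELF_MARKER_OFFSET:ELF_MARKER_OFFSET + 2] = MARKERS[0]
    return bytes(ident) + bytes(36)

def sample_pe(stamp: int) -> bytes:
    """Constructed test input: DOS stub plus COFF header with given timestamp."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\x00\x00" + struct.pack("<HHI", 0x14C, 1, stamp) + bytes(12)
    return bytes(dos) + coff

if __name__ == "__main__":
    for name, blob in [("elf", sample_elf(True)), ("pe", sample_pe(0x443B7DFB))]:
        print(name, classify(blob))
```

An ELF hit is the stronger signal, since the bytes at 0Bh are normally zero padding; a PE hit only means the build timestamp happens to contain those two bytes, so treat it as a reason to inspect the entry point and final section rather than as a verdict.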

Currently, the virus is proof-of-concept code; in other words, it only shows that such cross-platform infection is possible.

Experts think that the number of viruses able to infect both platforms will grow in the years to come.

"As the developers of viruses continue to research this, we will see [more] cross platform malware come about in the future," SANS Internet Storm Center contributor Swa Frantzen was quoted by Techworld as saying.