Nom:W32/Bi.A
La date de la découverte:11/04/2006
Type:Infecteur de fichier
En circulation:Oui
Infections signalées Faible
Potentiel de distribution:Faible
Potentiel de destruction:Faible a moyen
Fichier statique:Non
Version VDF:6.34.00.169

 Général Les alias:
   •  Symantec: W32/Linux.Bi
   •  Mcafee: W32/BiWiLi
   •  Kaspersky: Virus.Win32.Bi.a
   •  TrendMicro: PE_BI.B
   •  Sophos: W32/Bi-A


Plateformes / Systèmes d'exploitation:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Linux
   • Unix




   

   Description
   
   W32/Bi.A is a proof of concept virus, designed as a Windows and Linux cross platform file infector. It has the ability to infect both PE and ELF executable structures.
   
   It scans the current folder for all files, and identifies PE and ELF executable files by their respective headers. The file infector contains two scenarios, one for the Windows executable format and one for the Linux format, and runs each infection type depending on the file it finds and infects.
   
   The virus body is a non encrypted 1287 bytes code segment. In the case of a PE file, the body is appended at the end of the executable file, and the file header is modified to allow the viral code to be executed. When infecting ELF files, the virus body is inserted before the beginning of the executable file, and modifications are made in the header to compensate for this offset.
   
   Being a proof of concept virus, it does not take any action other than infecting files.
Description insérée par Sergiu Oprea le mardi 11 avril 2006
Description mise à jour par Sergiu Oprea le mardi 11 avril 2006

Retour . . . .