Nome del virus:W32/Bi.A
Scoperto:11/04/2006
Tipo:File Infector
In circolazione (ITW):Si
Numero delle infezioni segnalate:Basso
Potenziale di propagazione:Basso
Potenziale di danni:Medio-Basso
File statico:No
Versione VDF:6.34.00.169

 Generale Alias:
   •  Symantec: W32/Linux.Bi
   •  Mcafee: W32/BiWiLi
   •  Kaspersky: Virus.Win32.Bi.a
   •  TrendMicro: PE_BI.B
   •  Sophos: W32/Bi-A


Piattaforme / Sistemi operativi:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Linux
   • Unix




   

   Description
   
   W32/Bi.A is a proof of concept virus, designed as a Windows and Linux cross platform file infector. It has the ability to infect both PE and ELF executable structures.
   
   It scans the current folder for all files, and identifies PE and ELF executable files by their respective headers. The file infector contains two scenarios, one for the Windows executable format and one for the Linux format, and runs each infection type depending on the file it finds and infects.
   
   The virus body is a non encrypted 1287 bytes code segment. In the case of a PE file, the body is appended at the end of the executable file, and the file header is modified to allow the viral code to be executed. When infecting ELF files, the virus body is inserted before the beginning of the executable file, and modifications are made in the header to compensate for this offset.
   
   Being a proof of concept virus, it does not take any action other than infecting files.

 Varie Stringa:
In più contiene le seguenti stringhe:
   • [CAPZLOQ TEKNIQ 1.0]
   • (c) 2006 JPanic:
   • This is Sepultura signing off...
   • This is The Soul Manager saying goodbye...
   • Greetz to: Immortal Riot, RuxCon!

 Dettagli del file Linguaggio di programmazione:
 Il malware è stato scritto in Assembler.

Descrizione inserita da Sergiu Oprea su martedì 11 aprile 2006
Descrizione aggiornata da Sergiu Oprea su martedì 11 aprile 2006

Indietro . . . .