ウイルスW32/Bi.A
発見日:11/04/2006
タイプファイル感染型
感染報告有りはい
感染報告
感染の可能性
ダメージ・ポテンシャル低~中
スタティック・ファイルいいえ
VDFファージョン:6.34.00.169

 一般情報 別名
   •  Symantec: W32/Linux.Bi
   •  McAfee: W32/BiWiLi
   •  Kaspersky: Virus.Win32.Bi.a
   •  TrendMicro: PE_BI.B
   •  Sophos: W32/Bi-A


プラットフォーム/OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Linux(リナックス)
   • Unix(ユニックス)




   

   Description
   
   W32/Bi.A is a proof of concept virus, designed as a Windows and Linux cross platform file infector. It has the ability to infect both PE and ELF executable structures.
   
   It scans the current folder for all files, and identifies PE and ELF executable files by their respective headers. The file infector contains two scenarios, one for the Windows executable format and one for the Linux format, and runs each infection type depending on the file it finds and infects.
   
   The virus body is a non encrypted 1287 bytes code segment. In the case of a PE file, the body is appended at the end of the executable file, and the file header is modified to allow the viral code to be executed. When infecting ELF files, the virus body is inserted before the beginning of the executable file, and modifications are made in the header to compensate for this offset.
   
   Being a proof of concept virus, it does not take any action other than infecting files.
説明の挿入者 Sergiu Oprea の 2006年4月11日火曜日
説明の更新者 Sergiu Oprea の 2006年4月11日火曜日

戻る . . . .