Security Bytes: Crossover platform virus on the loose

SearchSecurity.com Staff

Windows-Linux crossover virus found
Russian AV firm Kaspersky Lab said it has discovered a new crossover platform virus that can infect both Linux and Windows systems. In an analysis on its Web site, the firm said it has named the Linux version Virus.Linux-BI-A and the Windows version Virus.Win32-BI-A.

The virus is relatively simple, Kaspersky said. It only infects files in the current directory. "However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows -- .elf and .pe format files, respectively," the firm said in the analysis.

To infect .elf files, "the virus uses INT 80 system calls and injects its body into the file immediately after the .elf file header and before the '.text' section," the firm said. "This changes the entry point of the original file."

Infected files are identified with a 2-byte signature, 7DFBh, at 0Bh.

The virus uses the Kernel32.dll function to infect systems running Win32, the firm said. It injects its code into the final section and gains control by again changing the entry point. Infected .pe files contain the same 2-byte signature as .elf files; the signature is placed in the .pe TimeDateStamp header.
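
The two infection markers described above can be turned into a quick triage check over a directory. This is an added example, not code from Kaspersky or the original article; the byte order of the signature and its position inside the 4-byte TimeDateStamp are not stated on the page, so the code accepts either, and the sample buffers are constructed.

```python
import os
import struct

MARKER = 0x7DFB           # 2-byte signature quoted in the analysis
ELF_MARKER_OFFSET = 0x0B  # offset quoted for .elf files (inside e_ident padding)

def has_marker(two: bytes) -> bool:
    # Assumption: byte order is not stated on the page, so accept either.
    return len(two) == 2 and MARKER in (
        struct.unpack("<H", two)[0], struct.unpack(">H", two)[0])

def check_elf(data: bytes) -> bool:
    return data[:4] == b"\x7fELF" and has_marker(
        data[ELF_MARKER_OFFSET:ELF_MARKER_OFFSET + 2])

def check_pe(data: bytes) -> bool:
    if data[:2] != b"MZ" or len(data) < 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    # TimeDateStamp follows the PE signature, Machine and NumberOfSections.
    stamp = data[e_lfanew + 8:e_lfanew + 12]
    # Assumption: the marker may sit in either half of the 4-byte field.
    return has_marker(stamp[:2]) or has_marker(stamp[2:])

def classify(data: bytes) -> str:
    return ("elf-marker" if check_elf(data)
            else "pe-marker" if check_pe(data) else "no-marker")

def scan_dir(path: str = ".", limit: int = 1 << 20) -> dict:
    """Triage every regular file in one directory (the virus's stated scope)."""
    hits = {}
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            with open(entry.path, "rb") as fh:
                hits[entry.name] = classify(fh.read(limit))
    return hits

def sample_elf(marked: bool) -> bytes:   # constructed sample, not a real binary
    buf = bytearray(b"\x7fELF\x01\x01\x01".ljust(64, b"\0"))
    if marked:
        struct.pack_into("<H", buf, ELF_MARKER_OFFSET, MARKER)
    return bytes(buf)

def sample_pe(marked: bool) -> bytes:    # constructed sample, not a real binary
    buf = bytearray(0x100)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x88, 0x44007DFB if marked else 0x44000000)
    return bytes(buf)
```

A hit is a triage hint rather than a verdict, since a legitimate TimeDateStamp can contain the same two bytes by chance.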

"The virus doesn't have any practical application -- it's classic proof-of-concept code, written to show that it is possible to create a cross-platform virus," Kaspersky said. "However, our experience shows that once proof-of-concept code is released, virus writers are usually quick to take the code, and adapt it for their own use."

ClamAV security holes fixed
Several security holes have been fixed in the open source ClamAV program, Danish vulnerability clearinghouse Secunia said in an advisory. Attackers could exploit the flaws to cause a denial of service or compromise a vulnerable system.

The problems are:

  • An unspecified integer overflow error in the .pe header parser in "libclamav/pe.c;"
  • Format string errors in the logging handling in "shared/output.c," which could be exploited to execute malicious code; and
  • An out-of-bounds memory access error in the "cli_bitset_test()" function in "libclamav/others.c" that could be exploited to cause a crash.

Secunia said the vulnerabilities have been reported in version 0.88. Prior versions may also be affected. Users are advised to update to version 0.88.1.

IBM unveils SecureBlue
IBM unveiled a major security overhaul Monday, saying it will "greatly increase" the security of consumer products, medical devices, government applications and digital media. Developed by IBM Research and codenamed "SecureBlue," the new technology aims to add mainframe-level security to devices, which was previously only available in secure data centers, the company said in a press release.

"SecureBlue protects the confidentiality and integrity of information on a device even from an adversary that has physical access to or physical control of the device," IBM said. "As the use of various forms of digital devices becomes increasingly widespread and more essential, information becomes more distributed and thus more vulnerable, this kind of strong security becomes increasingly important since devices can be lost, stolen or otherwise left behind."

The company said SecureBlue is a security architecture that can be built into a microprocessor chip that provides capabilities that have not been previously available in embedded processor products. It is designed to protect the security of microprocessor chips as well as the security of an entire microprocessor-based device. Because it is based on secure hardware rather than software techniques, IBM said it provides strong protection for secrets and strong defenses against reverse-engineering and tampering.

"With mainframe-inspired security, SecureBlue can be used to protect the confidentiality of all the information on a device including documents, presentations and software as well as the keys that are used for communications security or digital signatures," IBM said.

IBM Technology Collaboration Solutions group will work with clients and partners across several industries, including consumer electronics, medical, government and digital media to integrate SecureBlue into products. IBM Technology Collaboration Solutions will license the technology, provide engineering, collaboration and design services to implement SecureBlue into customer designs, and help manufacture the product for clients, IBM said.

