Although it hasn’t been unleashed on the Internet, a new variant on a virus marks an advancement in the complexity of the viruses that may be coming down the pike.
The new virus, Simile.D, is piquing some interest in the security community because it’s largely considered to be the first complicated virus with cross-platform capabilities. It’s able to infect both Windows 32 systems and Linux operating systems, multiplying its capabilities.
If it had been let loose into the digital wild, Simile.D could have vexed network and security administrators with its ability to jump back and forth between Windows and Linux machines.
Simile.D, the fourth variant on the Simile virus that was first detected in March, is complex, being both polymorphic and metamorphic. That means the program is designed to hide the virus’ presence, while also randomizing the size of the program to help disguise it.
“It’s harder to detect because instead of just figuring out where the code is, you have to have some way of recognizing it and knowing what it’s going to do,” says Roger Thompson, technical director of malicious code research at TruSecure Corp., a security consultancy based in Herndon, Va. “It’s proof of concept. It’s proof that one virus can infect on both platforms even though it’s metamorphic.”
But Thompson emphasized that the virus isn’t posing much of a threat because it was detected and noted by the anti-virus industry before it could even be let loose on the Internet. The importance of Simile.D lies not in the amount of danger it poses to corporate networks but instead in the evolution of the virus.
If Simile.D did infect a computer, it wouldn’t actually cause much damage.
Sharon Ruckman, senior director of Security Response at Cupertino, Calif.-based Symantec Corp., explained that on a Windows system, the virus simply opens a dialog box, with the name of the virus, on two different dates — March 17 and Sept. 17. On a Linux operating system, it would post a similar message on March 17 and May 17.
Ruckman agrees with Thompson that it’s the cross-platform aspect of the virus that is causing a small stir.
“Usually they don’t cross-pollinate,” she notes. “In terms of virus writing, it’s an evolution… Threats are becoming more complex. This is the hackers taking a step forward.”
Thompson explains that the hacker would have to email the virus to someone for it to infect her computer.
“If people keep their anti-virus software updated, there shouldn’t be any problem with this one,” says Thompson, who notes that there are an estimated 60,000 viruses and only a few hundred in circulation at one time. “It’s not being spread. It’s in collection. …Whether anybody else does anything with it remains to be seen.”