Home > Computers and Internet, Security > A Virus which can infect both Windows and Linux (Cross Platform)….

A Virus which can infect both Windows and Linux (Cross Platform)….

by Shivaranjan on April 11, 2006


I always had a feeling that virus i.e (the god damn code which always creates havoc in cyberworld) could be written for one particular OS. This new virus is written in assembly language can infect both Windows and Linux. According to me this is breakthrough for the virus writers as they a can create one single virus and which will work in all platforms. So let’s get ready for the attacks… :sad:

Weve received a new sample: another cross platform virus. This sample is the latest attempt to create malicious code which will infect both Linux and Win32 systems. Its therefore been given a double name: Virus.Linux.Bi.a/ Virus.Win32.Bi.a

The virus is written in assembler and is relatively simple: it only infects files in the current directory. However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows – ELF and PE format files respectively.

To infect ELF files, the virus uses INT 80 system calls and injects its body into the file immediately after the ELF file header and before the .text section. This changes the entry point of the original file.

Infected files are identified with a 2-byte signature, 7DFBh, at 0Bh.

The virus uses the Kernel32.dll function to infect systems running Win32. It injects its code to the final section, and gains control by again changing the entry point. Infected PE files contain the same 2-byte signature as ELF files; the signature is placed in the PE TimeDateStamp header.

Infected files contain the following text strings:

[CAPZLOQ TEKNIQ 1.0] (c) 2006 JPanic:

This is Sepultura signing off…

This is The Soul Manager saying goodbye…

Greetz to: Immortal Riot, #RuxCon!

The infector itself contains the following strings:



The virus doesnt have any practical application – its classic Proof of Concept code, written to show that it is possible to create a cross platform virus.
However, our experience shows that once proof of concept code is released, virus writers are usually quick to take the code, and adapt it for their own use.

Detection for Virus.Linux.Bi.a/ Virus.Win32.Bi.a was added to the Kaspersky Anti-Virus databases shortly after the sample was received.

Source: Kaspersky Lab

Did you enjoy this article? Please subscribe to RSS Feed to receive all the updates!

Related Posts:

  • No related posts found

{ 1 comment… read it below or add one }

sites May 7, 2013 at 8:54 am

My wife and i have been contented that Raymond managed to complete his researching out of the ideas he had while using the web page. It’s not at all simplistic to simply always be giving out points which most people could have been trying to sell. Therefore we recognize we have got you to thank for this. The type of explanations you have made, the easy site navigation, the relationships you can make it easier to instill – it’s most remarkable, and it’s assisting our son in addition to us consider that this topic is cool, and that is extraordinarily pressing. Thank you for the whole thing!

Leave a Comment

Previous post:

Next post: