April 10, 2006

How likely is this really?

A recently discovered piece of malware that infects both Windows and Linux systems has been analyzed by Kaspersky. The media is all fired up about this, giving it international coverage and even inspiring commentary from SANS.

Given the attention, it raises the question, "how likely is it that a cross-platform worm or virus will actually survive and prosper?" Despite what some other folks are saying, I think it's pretty unlikely. Why is that, you ask? Because a tremendous number of folks outside of the virus-writing world are working on maximizing portability, and to date we don't have native code that runs on multiple platforms. That's why we have Java, .NET, and virtualization. Trying to do anything other than very simple tasks increases the overhead required for portability tremendously. This particular piece of malware, for example, is extremely rudimentary - it manipulates files to replicate and it relies only on the most basic of operating system services. Trying to do anything more complex, such as opening a socket, embedding itself in the OS, or using stealth techniques, is orders of magnitude more complex than basic file manipulation.

So, my advice is not to panic about this. Not that cross-platform malware can't be created (it can - take the IIS/sadmind worm), but it's unlikely that this proof-of-concept heralds a new breed of malware as some sources are saying.

Posted by Ed at April 10, 2006 11:37 AM