See "Torvalds creates patch for cross-platform virus".

Bi.A (my description, Kaspersky description) is a cross-platform Linux/Win32 virus reported by Kaspersky Lab earlier this month. Of course, it's not the first virus of its kind; other Win32/Linux viruses are Winux/Lindose/Peelf and the D version of Simile/Etap.
It turned out that Bi.A does not work with the newest Linux kernels (starting from 2.6.16 according to Linus). This is because the kernel destroys the value of one of the registers due to a faulty optimisation. I don't know of any official specification of the x86 binary system call interface, but it's expected that the kernel does not modify registers that are not output parameters. So Linus fixed the kernel, and future versions will correctly run this virus and any similar programs that use the ftruncate system call through int 0x80 instead of libc functions.
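The expectation described above can be checked directly. The following is an added example, not code from this post or from the kernel: it calls ftruncate through int 0x80 on a scratch file and compares the registers before and after. The post does not say which register was affected, so the check covers ebx, ecx, edx, esi and edi; the function name and sentinel values are made up for illustration, and 93 is ftruncate's number in the i386 syscall table.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define I386_NR_FTRUNCATE 93   /* ftruncate in the i386 syscall table */
#if defined(__x86_64__)        /* 64-bit callers: some kernels zero r8-r11 on int 0x80 */
#define EXTRA_CLOBBERS , "r8", "r9", "r10", "r11"
#else
#define EXTRA_CLOBBERS
#endif

static sigjmp_buf no_int80;
static void on_fault(int sig) { (void)sig; siglongjmp(no_int80, 1); }

/* Hypothetical helper. Returns 0 if the registers were preserved, 1 if one was
 * clobbered, -1 if int 0x80 is unavailable here or the call itself failed. */
int check_int80_ftruncate(void)
{
    volatile int result = -1;
#if defined(__i386__) || defined(__x86_64__)
    char path[] = "/tmp/int80-XXXXXX";
    volatile int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    void (*old)(int) = signal(SIGSEGV, on_fault);  /* no IA32 emulation: fault */
    if (sigsetjmp(no_int80, 1) == 0) {
        /* eax = syscall number, ebx = fd, ecx = length; the rest are sentinels. */
        long ax = I386_NR_FTRUNCATE, bx = fd, cx = 4096;
        long dx = 0x11111111, si = 0x22222222, di = 0x33333333;
        __asm__ volatile ("int $0x80"
            : "+a"(ax), "+b"(bx), "+c"(cx), "+d"(dx), "+S"(si), "+D"(di)
            : : "memory", "cc" EXTRA_CLOBBERS);
        if ((int)ax == 0)  /* call succeeded: only eax may differ from what went in */
            result = !(bx == fd && cx == 4096 && dx == 0x11111111 &&
                       si == 0x22222222 && di == 0x33333333);
    }
    signal(SIGSEGV, old);
    close(fd);
#endif
    return result;
}

int main(void)
{
    int r = check_int80_ftruncate();
    puts(r == 0 ? "registers preserved" : r == 1 ? "register clobbered"
                                                 : "int 0x80 not usable here");
    return r == 1;
}
```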
Note that the NewsForge article assumes that Bi.A is an old virus, because it uses old system calls, but it's pretty common that virus writers use old methods as long as they work.
Let me know if you'd like me to translate this into Hungarian for you!