Aliases: Linux.Peelf.2132, W32.Winux, Linux.Winux, W32/Lindose
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32, Linux
Discovered: 27 Mar 2001
Damage: Low

Characteristics: W32.Peelf.2132 was first discovered on March 27, 2001. Also known as Linux.Peelf.2132, W32.Winux, Linux.Winux and W32/Lindose, this proof-of-concept virus can execute on Microsoft Windows 95, 98, Me, NT and 2000, and can also infect files on Linux systems.

More details about W32.Peelf.2132

W32.Peelf.2132 infects Microsoft Windows PE files and Linux ELF files. This proof-of-concept virus can infect files from both the Windows and Linux operating systems at the same time, meaning it can infect files on either or both systems. Its infection code understands the file structure of both platforms, which is what enables it to infect both kinds of file. When an infected file is executed under Microsoft Windows, the virus searches the current folder and all folders for PE and ELF files. Under Linux, the virus searches only the current directory when an infected file is executed. The virus tends to write itself into PE files that have a relocation section, and it also removes the reference to the relocations. If an ELF file is found, the virus copies the original bytes at the entry point to the end of the file and overwrites the code at the entry point with itself. The size of an infected PE file does not increase, but the size of an infected ELF file does. All infected files contain two strings: "[Win32/Linux.Winux] multi-platform virus by Benny/29A" and "This GNU program is covered by GPL."
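The two strings above can serve as a simple triage indicator on both platforms. The following is an added example, not code from an antivirus product or from the original page: it checks a file's header magic to confirm it is PE or ELF, then looks for both strings. The function names and verdict labels are hypothetical, and a hit should be confirmed with an up-to-date scanner.

```python
import os
import struct

# Marker strings quoted on this page as present in every infected file.
# The first is matched without its leading bracket so either spelling hits.
MARKERS = (
    b"Win32/Linux.Winux] multi-platform virus by Benny/29A",
    b"This GNU program is covered by GPL",
)

def file_format(data: bytes):
    """Return 'ELF', 'PE' or None based on header magic."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C) holds the offset of the 'PE\0\0' signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "PE"
    return None

def check_bytes(data: bytes):
    """Return (format, verdict). Verdict labels are this example's own."""
    fmt = file_format(data)
    if fmt is None:
        return None, "skipped"          # not an executable format the virus targets
    hits = sum(marker in data for marker in MARKERS)
    return fmt, {0: "clean", 1: "partial", 2: "suspect"}[hits]

def scan_tree(root: str):
    """Yield (path, format, verdict) for PE/ELF files containing a marker."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue                 # unreadable file: skip, do not abort the scan
            fmt, verdict = check_bytes(data)
            if verdict in ("partial", "suspect"):
                yield path, fmt, verdict

if __name__ == "__main__":
    import sys
    for path, fmt, verdict in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{fmt}\t{path}")
```

Files that carry only one of the two strings are reported as "partial" so that legitimate programs mentioning the GPL are not treated the same as files containing both markers.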

This virus is not a high-risk threat since it does not have the ability to propagate itself and contains no payload. However, it can still be removed manually. For Windows, update to the latest virus definitions, run a full system scan, then delete all files detected as W32.Peelf.2132. For Linux, restore the infected files from backup. Finally, restart the computer in Normal mode.