A virus that infects AMD64-based Windows systems uses some tricky
techniques to make defensive reverse engineering more difficult,
security firm Symantec said this week.

The virus, dubbed W64.Bounds, is not spreading in the wild, but was
submitted as a proof of concept to antivirus researchers. The program
is not easy to detect because it encrypts itself using a new algorithm
and exploits a Windows feature available only on AMD64 systems to
control execution, Peter Ferrie, senior antivirus researcher for
Symantec, said in a post on the company's research blog.
SecurityFocus