This weekend, AV companies are faced with two new crossover malware.

There is a proof-of-concept virus that infects Windows and Linux executable files. Yep. This virus, PE_BI.B (Trend Micro’s detection for Windows executables infected by this virus) and ELF_BI.A (for Linux executables) infects Windows and Linux executables. Whew! Good thing it is just a PoC. Symantec has a single detection for this one, W32/Linux.Bi.

Then there is another crossover worm that infects Windows machines and Windows Mobile. MSIL.Letum.A@mm, as described by Symantec:

MSIL.Letum.A@mm is a worm written in Microsoft .NET’s Microsoft Intermediate Language (MSIL) that can affect both Windows PC and Windows Mobile powered devices that have the .NET framework installed. The worm arrives as an attachment to a spoofed email that pretends to come from Symantec and also spreads through Usenet servers.

Yep, it uses a social engineering technique. This worm spreads via an email message purporting to have come from Symantec. It is also the first one that propagates via newsgroups.

Trend Micro has a different take on this worm, WORM_LETUM.A. Nowhere in its description is the fact that it is written in MSIL, neither the info that it also affects devices running Windows Mobile.

What’s the matter? Why the difference in description?