It is been quite a long time now; since first SAP virus appeared in year of 2002. It was the first and most likely the famous one till now; very last virus for enterprise application environment – SAP. It seems to be written earlier in 2000 as a proof-of-concept virus. Concept is proofing that not business application platform as SAP is not resistant from viruses. The Virus is also known as SAP.VSoft.A, SAP.Willi.A, ABAP/Rivpas was probably coded by some Spanish speaking guy as can be observed in its code. It is written in ABAP and its purpose is to spread itself without monitoring of its activity. Of course virus will not replicate in its form and it is needed to be installed manually for first time in SAP system and therefore is kind of intended virus. To be setup such a virus there always must be somebody with user’s authorization for accessing developer’s transaction like SE38/SE80. For detail analyses of this virus see here.
SAP AG published a consulting SAP note 512595 related to this virus describing its behavior and how to prevent it.
Until this “first occurrence” of SAP virus no other viruses for SAP business application platform has been reported. SAP AG is paying a lot of attention to secure its products. E.g. refer to its security guide, security portal on OSS, security notes in OSS components: BC-SEC or BC-SEC-VIR, etc. Within the NetWeaver platform there is a broad focus on security aspect. A brand new Virus Scan Interface (VSI) is available to be used for integrating external virus scanner programs into SAP system to for scanning files or documents that are processed by SAP applications for viruses. In case of ABAP Application server stack check following transactions: VSCAN, VSCANGROUP, VSCANPROFILE, VSCANTEST, VSCANTRACE. For overview of SAP’s data security products check out note 786179.
I don’t believe that there are no and will not be other viruses or similar malicious type of software “dedicated” to SAP platform. Now we are quite safe but time is passing by so fast and new, more sophisticated techniques in creating such a “software” are in development and they will come to reality very soon.