Saturday, November 9, 2013

Hand-Crafting a Linux Computer Virus… in Java!

It's a computer virus… for Linux… in Java. That's right, I've broken the Internet.
(app.exec is a shell script, hello.exec and hello2.exec are compiled C programs)

Disclaimer

There won't be any code in this post, nor will there be detailed plans for how to implement the theory. Do it yourself (or just don't do it at all—that's probably a good idea too). Bloody script kiddies.

Why Java?

Just cuz.

The General Idea

So how exactly does the virus work? Essentially, it creates an executable JAR file, with a hashbang at the beginning to make it executable. (ZIP files seem to be quite good at letting people shove random data at the beginning of them.) The JAR file contains a copy of the virus, as well as a copy of the original uninfected program.
When the file is run, it searches for all exec files in the current directory (safety first!) and checks if they're already infected. If not, it applies the patch to them: compressing them inside an executable JAR file along with a copy of the virus.
Then, it uncompresses the copy of the original program into the temporary directory and executes it.
Interestingly, a side effect of this virus is that it makes the programs it infects smaller!

Notable Issues

  • Attempting to double-infect a program will cause it to massively screw up.
  • Programs that attempt to read themselves may unexpectedly find themselves to be corrupt.

Conclusion

It just goes to show, even if you run Linux, you still need to be vigilant around strange programs and email attachments, and you should probably get some sort of antivirus program too!
