Downloaded the virus for Linux.
Installed it under root.
It didn’t start. Spent 2 hours googling. Realised that the virus instead of /usr/local/bin installed itself into /usr/bin where user malware does not have the write permissions. That’s why the virus could not create a process file.
Found the patched .configure and .make files on the Chinese site. Recompiled, reinstalled. Virus announced that it needs the cmalw-lib-2.0 library. Found out that cmalw-lib-2.0 only exists for CentOs, but not for Ubuntu. Googled couple of hours, found a manual how to compile .deb from source. Compiled, installed, virus happily started, beeped in a speaker and terminated with a core dump.
The hour I spent reading syslog told me that the virus thought I have ext4 and called its api to encrypt the disk. This api is deprecated in btrfs, that’s why Linux realised that inconsistency and made the partition read-only.
Opened the virus source code, grep‘ped the bitcoin wallet and sent $5 just out of compassion.
Went to bed…
Source (in Russian), translation by DarkDuck