The Linux Virus: how it can be

Downloaded the virus for Linux.

Unzipped it.

Installed it under root.

It didn’t start. Spent 2 hours googling. Realised that the virus, instead of /usr/local/bin, installed itself into /usr/bin, where user malware does not have write permissions. That’s why the virus could not create a process file.

Found the patched .configure and .make files on a Chinese site. Recompiled, reinstalled. Virus announced that it needs the cmalw-lib-2.0 library. Found out that cmalw-lib-2.0 only exists for CentOS, but not for Ubuntu. Googled for a couple of hours, found a manual on how to compile a .deb from source. Compiled, installed, virus happily started, beeped through the speaker and terminated with a core dump.

The hour I spent reading syslog told me that the virus thought I had ext4 and called its API to encrypt the disk. This API is deprecated in btrfs, which is why Linux noticed that inconsistency and made the partition read-only.

Opened the virus source code, grep'ped the bitcoin wallet and sent $5 just out of compassion.

Went to bed…

Source (in Russian), translation by DarkDuck
