A Simple Virus Written...in Bash!

Feb 17, 2016 05:42 AM
Feb 17, 2016 06:12 PM

Fugu - a simple virus in bash.

I once told a friend of mine I'd written a virus in bash and he scoffed - "You can't write a virus in bash!" - he sniggered, like an ignorant idiot.

"Take my script, read and run it," I told him. He declined.

I still have that script so thought I'd share it.

What is a virus?

I think the term is used out of context nowadays. By definition a virus is something that infects a host, and reproduces. A computer virus behaves very much like a biological one which is where the term comes from.

Before you run the code...

The script is called fugu. I suggest that anyone who tries to run the script create a suitable environment to do so. This is just for fun and experimentation, not about being malicious, and I discourage such behaviour.

Nothing malicious is taking place; we're simply copying code from script to script, so no real damage is done and any alterations can be reversed. I would still recommend you create a suitable environment for testing/execution.

The script will only infect its current directory and any sub-directories therein, so begin by creating a directory to contain the test, then create some sub-directories within it. A simple hierarchy of directories something like this should suffice:

    test/
    test/a/
    test/a/b/
    test/a/b/c/

Copy the fugu code (at the bottom of the page) into a text editor and save it to the test/ directory as fugu. So you should have a bash script named:

    test/fugu

Now...since fugu finds and infects other bash scripts, we should create some so that we can verify the script works properly. Here's a simple example script you can copy and paste:

    #!/bin/bash
    echo "This is a test script"
    echo
    exit 0

Make a few copies of it and save them to the following files:

    test/z
    test/a/y
    test/a/b/x
    test/a/b/c/w

How it works.

Before you run it, it's best to understand how it works. I have two versions of the script: one that gives some output (probably more confusing than anything) and has lots of comments, and one with no comments that gives no output.

But they both do exactly the same thing...

  1. First, fugu will list the contents of the current directory and cycle through them one at a time.

  2. If a directory is found, fugu will cd to that directory and begin to search that directory.

  3. If any file is found it must meet specific criteria: first, it must begin with a #!/bin/bash shebang; second, it must NOT contain a very specific pattern that should be unique to fugu-infected scripts.

  4. If the file meets the criteria, fugu copies itself to the script so that when the script is next run, it will execute the fugu code first, then its own original code second.

  5. If no infected files are found, fugu will continue to search subsequent sub-directories looking for a host file to infect; if none are found, fugu exits and does nothing.

Since we use commands like ls, we get alphabetical results. Think of our structure:

    test/z
    test/a/y
    test/a/b/x
    test/a/b/c/w

Since a comes before z fugu will find a first, find that it is a directory and cd to there where it will begin to search the a directory for files and folders.

Since b will be found before y we cd to b...c will be found before x so we cd to c...and w is all there is in the c directory, so w should be the first file that fugu finds and infects. You might want to chuck some regular files around just to verify that fugu isn't affecting regular text files.

Execute fugu:

    cd test
    chmod 0755 fugu
    ./fugu
    cat a/b/c/w

Next time we run fugu, it will again find directories a, b, c...this time it will find that the w file within the c directory is already infected...since there's nothing else in the c directory, fugu will backtrack and end up back in the b directory - and this time will find and infect the x file.

Next time it will infect y, then lastly z.

Fugu will not infect itself!
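
To confirm which host changed after each run without reading every file, one option is a SHA-256 baseline of the scripts in the tree. The following is an added example, not part of the original post or of the fugu script; the function names `snapshot`, `changed` and `demo` are assumptions, and the appended comment line in `demo` is a constructed stand-in for a run of the script under test.

```shell
#!/bin/sh
# Added example, not from the original post: SHA-256 baseline for the test tree.
# snapshot, changed and demo are names chosen for this sketch.

# Print "<sha256>  <path>" for every file under $1 whose first line starts
# with #!/bin/bash, the first of the two host criteria described above.
snapshot() {
    find "$1" -type f -exec sh -c '
        for f in "$@"; do
            first=
            IFS= read -r first 2>/dev/null < "$f" || :
            case $first in
                "#!/bin/bash"*) sha256sum "$f" ;;
            esac
        done' sh {} +
}

# Re-hash every path recorded in baseline file $1 and print the paths that
# no longer match (modified or missing since the baseline was taken).
changed() {
    { LC_ALL=C sha256sum -c "$1" 2>/dev/null || :; } | sed -n 's/: FAILED.*$//p'
}

# Build the tree from the article in a temporary directory, baseline it,
# alter one script, and report what changed (paths relative to the temp dir).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/test/a/b/c"
    for f in z a/y a/b/x a/b/c/w; do
        printf '#!/bin/bash\necho "This is a test script"\necho\nexit 0\n' > "$d/test/$f"
    done
    printf 'plain text, not a script\n' > "$d/test/a/notes.txt"
    snapshot "$d/test" > "$d/baseline"
    # Constructed stand-in for one run of the script under test.
    printf '# constructed change\n' >> "$d/test/a/b/c/w"
    changed "$d/baseline" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

Keep the baseline file outside the tree being tested, take it before anything in the tree is executed, and call `changed` after each run to see which script was altered.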

I won't spend too much time going into detail, it's probably more interesting to just read the script. Hope someone learns something from it, criticisms or even improvements encouraged and welcomed.

Much obliged!

##########################################################################

I deleted the scripts here - commented script had a few changes made and is on pastebin @ http://pastebin.com/JtHEz6UW

Still a few alterations I'd like to make. Cheers
