Fugu - a simple virus in bash.
I once told a friend of mine I'd written a virus in bash and he scoffed - "You can't write a virus in bash!" - he sniggered, like an ignorant idiot.
Take my script, read and run it I told him. He declined.
I still have that script so thought I'd share it.
What is a virus?
I think the term is used out of context nowadays. By definition a virus is something that infects a host, and reproduces. A computer virus behaves very much like a biological one which is where the term comes from.
Before you run the code...
The script is called fugu. I suggest that anyone who tries to run the script create a suitable environment to do so. This is ust for fun and experimentation, not about being malicious and I discourage such behaviour.
Nothing malicious is taking place, we're simply copying code from script to script so no real damage is done and any alterations can be reversed. - but I would still recommend you create a suitable environment for testing/execution.
The script will only infect it's current directory and any sub-directories therein, so begin by creating a directory to contain the test...create some sub-directories within. A simple heirarchy of directories something like this should suffice:
Copy the fugu code (at the bottom of the page) into a text editor and save it
to the test/ directory as fugu. So you should have a bash script named:
Now...since fugu finds and infects other bash scripts, we should create some to that we can verify the script worls properly. Here's a simple example script you can copy and paste:
echo "This is a test script"
Make a few copies of it, save it to the following files:
How it words.
Before you run it, it's best to understand how it works. I have two versions of the script, one tht gives some output (probbaly more confusing than anything) and has lot's of comments. Any one with no comments and gives no output.
But they both do exactly the same thing...
- First, fugu will list the contents of the current directory and
cycle through them one at a time.
- If a directory is found, fugu will cd to that directory and begin
to search that directory.
- If any file is found it must meet specific criteria - first, it must
begin with a #!/bin/bash shebag, second it must NOT contain a very
specific pattern that should be unique to fugu infected scripts.
- If the file meets the criteria fugu copies itself to the script so
that when the script is next run, it will execute the fugu code first,
then its own original code second.
- If no infected files are found fugu will continue to search subsequent
sub-directories looking for a host file to infect, if none are found,
fugu exits and does nothing.
since we use commands like ls we get alphabetical results, if you think of our structure:
Since a comes before z fugu will find a first, find that it is a directory and cd to there where it will begin to search the a directory for files and folders.
Since b will be found before y we cd to b...c will be found before x so we cd to c...and w is all there is in the c directory so w should be the first file that fugu finds and infects. You might wants to chuck some regular files around just to verify that fugu isn't affecting regular text files.
chmod 0755 fugu
Next time we run fugu, it will again find directories a, b, c...this time it will find that the w file within the c directory is already infected...since there's nothing else in the c directory, fugu will backtrack and end up back in the b directory - and this time will find and infect the x file.
Next time it will infect, y, then lastly z.
Fugu will not infect itself!
I won't spend too much time going into detail, it's probably more interesting to just read the script. Hope someone learns something from it, criticisms or even improvements encouraged and welcomed.
I deleted the scripts here - commented script had a few changes made andis on pastebin @ http://pastebin.com/JtHEz6UW
Still a few alterations I'd like to make. Cheers
Want to start making money as a white hat hacker? Jump-start your hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from cybersecurity professionals.
Other worthwhile deals to check out: