Linux.Arian
by herm1t
See also the project folder
About Linux.Arian
-----------------
This is the demonstration virus for the arithmetic and LZW compression
modules. It infects files by compressing the .text section of the victim. It
does not increase the victim's size. This looks as follows:

   *BEFORE*                         *AFTER*
+-----------+                   +------------+
|   EHDR    |   text segment    |    EHDR    |
|           |                   |            |
|           |                   |            |
+ - - - - - +                   +- - - - - - + <--EP
|   .text   |   text section    | virus      |
|           | <--EP             | compressed |
|           |                   | .text | 00 | <-- padding zeroes
+ - - - - - +                   +- - - - - - +
|           |                   |            |
+-----------+                   +------------+
|           |   data segment    |            |
|           |                   |            |
+-----------+                   +------------+

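
A defender can test a binary for the *AFTER* layout in the diagram above: a .text section that begins at the entry point, holds high-entropy (compressed) bytes and ends in a run of zeroes. This is an added example, not part of the original README or the project's code; the function names, both thresholds and the constructed sample builder are assumptions, and the zero-tail check only matches builds made with ZERO_FREE_SPACE.

```python
import math, struct
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def text_profile(elf):
    """Find .text in a little-endian ELF32/ELF64 image and measure it."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF")
    is64 = elf[4] == 2
    eh = struct.unpack_from("<16sHHIQQQIHHHHHH" if is64 else "<16sHHIIIIIHHHHHH", elf)
    entry, shoff, shentsize, shnum, shstrndx = eh[4], eh[6], eh[11], eh[12], eh[13]
    shfmt = "<IIQQQQIIQQ" if is64 else "<10I"
    secs = [struct.unpack_from(shfmt, elf, shoff + i * shentsize) for i in range(shnum)]
    strtab = elf[secs[shstrndx][4]:secs[shstrndx][4] + secs[shstrndx][5]]
    for name, _type, _flags, addr, off, size, *_ in secs:
        if strtab[name:].split(b"\0", 1)[0] == b".text":
            body = elf[off:off + size]
            used = body.rstrip(b"\0")  # drop the zero padding before measuring
            return {"entropy": entropy(used), "zero_tail": len(body) - len(used),
                    "entry_at_start": entry == addr}
    raise ValueError("no .text section")

def matches_layout(p, min_entropy=7.0, min_tail=64):
    """Heuristic; both thresholds are assumptions to tune on known-clean binaries."""
    return p["entry_at_start"] and p["entropy"] >= min_entropy and p["zero_tail"] >= min_tail

def make_sample(text, entry_off=0):
    """Constructed minimal ELF32 image (null, .text, .shstrtab) used as test input."""
    names = b"\0.text\0.shstrtab\0"
    base, toff = 0x08048000, 52
    noff = toff + len(text)
    shoff = noff + len(names)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + bytes(9), 2, 3, 1,
                       base + toff + entry_off, 0, shoff, 0, 52, 32, 0, 40, 3, 2)
    sh = [struct.pack("<10I", *([0] * 10)),
          struct.pack("<10I", 1, 1, 6, base + toff, toff, len(text), 0, 0, 16, 0),
          struct.pack("<10I", 7, 3, 0, 0, noff, len(names), 0, 0, 1, 0)]
    return ehdr + text + names + b"".join(sh)

if __name__ == "__main__":
    sample = make_sample(bytes(range(256)) * 8 + bytes(256))  # constructed input
    print(text_profile(sample), matches_layout(text_profile(sample)))
```

A match is a triage signal only: legitimately packed executables can show the same profile, so confirm by other means before acting on it.
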
Configuration and compiling
---------------------------
You can specify the options by adding or removing "-D<option>" in the AFLAGS
variable in the Makefile.
The available options are:

LZW/ARI          - use either ARIthmetic or LZW compression
                   (*mandatory*)
ALREADY_INFECTED - check if the file is already infected by
                   the virus
CMP_CRC32        - use crc32 to find names in string table
ZERO_FREE_SPACE  - pad the .text section with zeroes
DEBUG            - print magic after start
BE_PARANOID      - additional validity checks against victim
USE_BRK          - use brk to allocate memory, otherwise use
                   mmap
SAFE_BRK         - mprotect memory allocated via brk (this
                   is on by default on Linux 2.4)

Then just type `make'