The ELF Virus Writing HOWTO

Alexander Bartolich
February 2003

This document describes how to write parasitic file viruses infecting ELF executables. Though it contains a lot of source code, no actual virus is included. Every mentioned infection method is accompanied with a practical guide to detection. Writing a program that inserts code into another program file is one thing. Writing that program so that it can be injected itself is a very different art. Although this document shows a lot of code and technique, it is far from being a "Construction Kit For Dummies". You can't build a working virus just by copying whole lines from this text. Instead I'll try to show how things work. Translation of infecting code to a assembly is left as (non-trivial) exercise to the reader. An astonishing number of people think that viruses require secret black magic. Here you will find simple code that patches other executables. It is not hard to write a virus - once you have a good understanding of assembler, compiler, linker and operating system. It's just hard to let it make any impact.

