Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Califax - Virus for Linux by Stealthf0rk

Virus for Linux

Stealthf0rk
Show all viruses by this author

1998-12-27

Comments
Download califax.zip (10847 bytes) or browse online

Author's notes

What you got is a source-code infector wich replaces (if there is one) the stdio.h file in /usr/local/include directory. Normally there is nothing wich can become destroyed. Due to a nice feature in GCC its possible to include nasty code in every file wich gets compiled. [Of corse you need to be root to touch files in the described dir.] This is possible bcoz GCC searches in /usr/local/include for stdio.h before it gets the real one in /usr/include. Our virus simply gives GCC this stdio.h wich includes the real one. So there should be no errors while comiling the future-infected file. For further information look at califax.c, the virus source. Its well commented.

There are some other files too wich you may be need to build the virus. Type 'make' and you will get a new califax.c wich you have to compile.

ok, what have has califax ? (urgh ...)

califax was tested with kernel 2.0.33 and GCC 2.7.2 and libc 5.3.12 and on the dos target: DOS 6.22 with GCC 2.5.7 where the includes are installed also on /usr/include. If it doesnt work, you should use the -v flag while you compile test.c.


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org