
VX Heaven


Source code of computer viruses

Eternity - Virus for Linux by Cyneox

Virus for Linux

Cyneox

2005-04-01


Released in RRLF#6

Author's notes

It's about an ELF virus infecting all executable ELF files in the current directory. Our virus has a certain size, let's call it "len". If a file is found, "len" bytes from the entry point of the target will be copied to the end of the file. Then our virus will copy itself to the entry point.

For the first time I'm using a new kind of EPO: Like I said, "len" is the size of our virus body. After executing, the virus code will "load" "len" bytes from EOF and will store the data at [ebp-d3lta+main], which is the entry point of our virus.

Maybe you're asking yourself how it is possible to overwrite data in memory. Well, therefore I used mprotect for making the memory region writable and executable. After loading the data from EOF, only the data in memory will be overwritten. Overwriting the data in the file would be senseless: the virus would simply be overwritten by the original code and that's silly ;)

After infecting other files, the infected file will encrypt its virus body beginning with [ebp-d3lta+start_virus]. At every execution of the file, a new encryption key will be generated, making the encryption routine safer. The "dropper", the 0 generation, contains no encrypted data. Before decrypting the code, several checks are done to see whether the virus body is encrypted or not. The virus will simply compare the first, 5th, 7th byte beginning from [ebp-d3lta+start_virus]. Just look at the code... It's the first virus I've commented so well... So have phun !! ;)
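A defender-side check for the file layout these notes describe (original entry-point bytes relocated past the end of the file), as an added example that is not code from the original page or from the virus author: it reports how many trailing bytes of an ELF file are not covered by any header, segment or section. The function names and the sample ELF image are constructed for this example; a non-zero result is a triage lead rather than a verdict, since some legitimate files also carry appended data.

```python
import struct

SHT_NOBITS = 8  # section type that occupies no bytes in the file

def elf_overlay_size(data: bytes) -> int:
    """Return the number of trailing bytes not described by any ELF header."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a recognisable ELF file")
    is64 = data[4] == 2
    e = "<" if data[5] == 1 else ">"
    # e_phoff/e_shoff, then e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum
    if is64:
        phoff, shoff = struct.unpack_from(e + "QQ", data, 0x20)
        ehsize, phentsize, phnum, shentsize, shnum = struct.unpack_from(e + "5H", data, 0x34)
    else:
        phoff, shoff = struct.unpack_from(e + "II", data, 0x1C)
        ehsize, phentsize, phnum, shentsize, shnum = struct.unpack_from(e + "5H", data, 0x28)
    end = max(ehsize, phoff + phnum * phentsize, shoff + shnum * shentsize)
    for i in range(phnum):  # file extent (p_offset + p_filesz) of every segment
        base = phoff + i * phentsize
        if is64:
            off, = struct.unpack_from(e + "Q", data, base + 8)
            size, = struct.unpack_from(e + "Q", data, base + 32)
        else:
            off, = struct.unpack_from(e + "I", data, base + 4)
            size, = struct.unpack_from(e + "I", data, base + 16)
        end = max(end, off + size)
    for i in range(shnum):  # file extent of every section that has file content
        base = shoff + i * shentsize
        sh_type, = struct.unpack_from(e + "I", data, base + 4)
        if is64:
            off, size = struct.unpack_from(e + "QQ", data, base + 24)
        else:
            off, size = struct.unpack_from(e + "II", data, base + 16)
        if sh_type != SHT_NOBITS:
            end = max(end, off + size)
    return max(0, len(data) - end)

def make_sample_elf32(trailer: bytes = b"") -> bytes:
    """Constructed test input: minimal ELF32 LE image, one PT_LOAD of 128 bytes."""
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 3, 1,
                       0x08048054, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    phdr = struct.pack("<8I", 1, 0, 0x08048000, 0x08048000, 128, 128, 5, 0x1000)
    return (ehdr + phdr).ljust(128, b"\x90") + trailer

if __name__ == "__main__":
    print(elf_overlay_size(make_sample_elf32()))              # clean image
    print(elf_overlay_size(make_sample_elf32(b"\xcc" * 64)))  # 64 appended bytes
```
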

