Original link: https://blog.est.im/2023/stdin-10
Recently downloaded a Linux virus and unpacked it.
Tried running as root and found nothing.
After Googling for two hours, I found that the virus was not unpacked to /usr/local/bin but was unpacked to /usr/bin, where the malware user has no write permission, so the virus could not create the process file.
I found the modified .configure and .make files on a Chinese forum, recompiled and re-ran it.
The virus said it needed cmalw-lib-2.0, but it turned out that this thing is in CentOS, not in Ubuntu. Googled for hours to find a way to build a .deb package from source.
The virus finally started to run, and then typed out a few lines of logs, spit out a core dump and crashed. After looking through the logs for an hour, I found that the virus assumed that it was running on the ext4 file system and then called the ext4 encryption API. But this API has been deprecated in btrfs; the kernel found this problem and made the partition read-only.
Opened the source file, grepped out the BTC wallet address in the virus and gave it $5 out of sympathy.
Haha. Although there are many Linux viruses now, this one is too funny. via