It’s like that guy that posted an example Bitcoin miner on GitHub, then a bunch of script kiddies forgot to change his wallet info for their own before deploying… He made a good chunk of change by doing nothing malicious.
I laughed and my partner ask why. I told her it’s some really nerdy humor. She was fine not hearing the joke, but I loosely explained it anyway. She humored me anyway. She’s a good woman.
God my wife would just stare at me and then go on with her previous conversation.
So, essentially, really poorly written malware? Given the number of assumptions it makes without any sort of robustness around system configuration it’s about as good as any first-pass bash script.
It’d be a stretch to call it malware, it’s probably an outright fabrication to call it a virus.
This is… clearly a meme…
I wasn’t sure about it either. There’s security researchers out there who might genuinely want to get a virus to run in a VM.
But yeah, the
cmalw-lib-2.0
gives it away…Yeah, nobody uses
cmalw-lib-2.0
Its deprecated, now we use
hack-lib-client-1.17
systemd-malwared
and its front-endmalctl
are how the cool kids are doing it.systemd haters will moan and groan about ‘bloat’ and ‘unnecessary end-user hacking libraries’ smh
if youre gonna write linux malware at least distribute it as a flatpak ffs
Text version:
Downloaded a virus for Linux lately and unpacked it. Tried to run it as root, didn’t work. Googled for 2 hours, found out that instead of
/usr/local/bin
the virus unpacked to/usr/bin
for which the user malware doesn’t have any write permissions, therefore the virus couldn’t create a process file. Found patched .configure and .make files on some Chinese forum, recompiled and rerun it. The virus said it needs the librarycmalw-lib-2.0
.Turns outcmalw-lib-2.0
is shipped with CentOS but not with Ubuntu. Googled for hours again and found an instruction to build a.deb package from source. The virus finally started, wrote some logs, made a core dump and crashed. After 1 hour of going through the logs I discovered the virus assumed it was running on ext4 and called into its disk encryption API. Under btrfs this API is deprecated. The kernel noticed and made this partition read-onlyOpened the sources, grep’ed the Bitcoin wallet and sent $5 out of pity.
Isn’t this just a newer version of this? https://www.gnu.org/fun/jokes/evilmalware.html
Even if it were inspired, it is significantly different the way it’s written. I’ve hit these same challenges before, so I’m more inclined to think it is independent discovery.
The newer one is a lot funnier though.
I guess the process could be regarded as gain of function research.
This reminds me of the old linux hater’s blog post “At least we don’t have any viruses”.
Seems like the prediction about the web panned out…