| The ELF Virus Writing HOWTO: Introduction | ||
|---|---|---|
| Prev | ||
This document is not yet officially accepted by LDP. You might want to look at the discussion on LDP-discuss. [1] There also was an interesting discussion at kuro5hin (perhaps because I did not participate). [2] For the time being you will find the document at the following sites.
Every "regular" site hosts complete source of this release and all previous versions: ../../archive.
A document version takes two files in the archive. The date format is yyyy-mm-dd. Obviously there can be only one new version per day. For example:
| virus-writing-HOWTO-2003-01-09.html.tar.gz |
| virus-writing-HOWTO-2003-01-09.tar.gz |
http://virus.enemy.org/virus-writing-HOWTO/_html/index.html [3]
http://wildsau.idv.uni.linz.at/~k3032e4/virus-writing-HOWTO/_html/index.html [4]
http://virus.bartolich.at/virus-writing-HOWTO/_html/index.html
http://tms.dicp.de/~alba/virus-writing-HOWTO/_html/index.html [5]
http://www.lwfug.org/~abartoli/virus-writing-HOWTO/_html/ [6]
Geographic location is based on http://netgeo.caida.org/perl/netgeo.cgi. An interesting variation on the topic is the applet at http://visualroute.visualware.com. Anyway, in two cases people convinced me that their server really is somewhere else.
http://www.synflood.at/virus/virus-writing-HOWTO/_html/index.html [7]
http://www.l0t3k.org/biblio/howto/english/virus_writing_howto/
http://mxscan.homedns.org/public_html/virus-writing-HOWTO/_html/index.html [8]
http://wizard.ae.krakow.pl/~wasylysp/txt/Virus_Writing_HOWTO/
http://linuxdox.org/documents/Viruses/The_Linux_Virus_Writing_HOWTO/
http://cbcg.net/virus-writing-HOWTO/_html/index.html [9]
http://www.peacefulaction.org/alba/virus-writing-HOWTO/_html/index.html [10]
You are free to mirror this document anyway you like (that's pretty obvious given the license). And if you give me notice I will add your site to the list above. However, I ask for a few things:
Make a complete copy, including ../../archive and ../../feedback/de/nai.
Keep the directory structure. Otherwise these relative links won't work.
Check the sites in Directly updated by me for updates.
I use the following script to keep my sites updated. It should be started daily via cron. The script tries to download todays version from the archive at another site. If wget succeeds the two downloaded files are stored in the local archive and the document directory is replaced by the new version. The directory layout is assumed to be that of a regular user publishing directory ~/public_html.
The script accepts a single argument, a date, specified as yyyy-mm-dd. This argument defaults to "today". To gracefully cover different time zones the script tries to download "yesterday" if "today" fails.
#!/bin/sh
#
# last modification 2002-05-20
#
format="+%Y-%m-%d"
today=${1:-$( date ${format} )}
yesterday=$( date ${format} -d "${today} 1 day ago" )
master=http://virus.enemy.org/archive
archive=public_html/archive
function one_day()
{
local today=$1
local html=virus-writing-HOWTO-${today}.html.tar.gz
local src=virus-writing-HOWTO-${today}.tar.gz
if [ -e $HOME/${archive}/${html} ]; then
echo "Nothing to do."
return 0
fi
if cd $HOME/${archive}; then
wget -c ${master}/${html} ${master}/${src}
if [ -e $HOME/${archive}/${html} ]; then
if cd ${HOME}/public_html; then
rm -rf virus-writing-HOWTO
tar zxf $HOME/${archive}/${html}
[ -e ${HOME}/.forward ] && mail $(whoami) -s wget < $HOME/log
rm $HOME/log
return 0
fi
fi
fi
return 1
}
one_day ${today} || one_day ${yesterday} |
The document was initially hosted on a recreational machine at the University of Linz in Austria. German speaking readers might find the exchange of emails between Network Associates, Inc. and the admin of the original web-site interesting. There are rumors that this eventually lead to the removal of my pages.
Anyway, university officials handled the matter in style. I can understand that they don't want to be associated with such delicate matters. No bad feelings there. But the technical expertise of a world class anti-virus company deserves broad audience. Here is my humble translation of the first mail:
Dear Sirs,
Our anti-virus team reports that instructions for the construction of Linux computer viruses are located on the network of the University of Linz. Since these documents can be used as building plan for the creation of dangerous viruses, we recommend to remove the corresponding pages from the WWW server.
The link is: http://wildsau.idv.uni-linz.ac.at/~k3032e4/
Yours sincerely DI Thomas Steiner Network Associates, Inc.
The humorous reply is beyond my capabilities of translation. I'll just continue with the second mail from NAI.
Dear Mr. Rosmanith,
I must say that your ironic remarks don't contribute to ease the relationship between University and business world. The nature of your feedback gives cause for concern, especially since you don't object to distribution of virus construction kits. This is sad and disturbing.
The reason for our advise is the tendency of affected companies to sue web providers (and Universities) offering malware or virus kits acting as knowledge base for new virus derivatives for horrendous compensation.
Usually our warnings are received positively and are not answered with infantile ignorance, as in your case.
Hereby we have given you notice of the dangers.
Yours sincerely DI Thomas Steiner Network Associates, Inc.
A hilarious reply to this got no answer.
| [1] |
| ||||
| [2] | |||||
| [3] | Thanks go to enemy.org | ||||
| [4] | Thanks go to Herbert Rosmanith | ||||
| [5] | Thanks go to Andreas Thienemann | ||||
| [6] | Thanks go to Laramie Wyoming Freenix User's Group | ||||
| [7] | Thanks go to synflood.at | ||||
| [8] | Thanks go to mxscan | ||||
| [9] | Thanks go to Cipher Block Chain Gang | ||||
| [10] | Thanks go to Peaceful Action |