Virus for Linux
JPanic
Show all viruses by this author
2006-04-05
Download clt.zip (528657 bytes) or browse onlineAuthor's description
CLT10 is a 1.2k infector of Win32 PE and Linux ELF files. The virus runs under 2 very different platforms: Win32 and Linux. One of the main aims of this virus, besides running under dual Operating Systems, is keeping it small and simple.
On execution under either Operating System the virus attempts to infect all PE and ELF files in the current directory. Under Win32 the virus calls Kernel32.dll, whilst under Linux the virus calls INT 0x80.
Infection of Win32 PE files is achieved by adding the virus to the last section. This is a fairly standard method. When infecting Linux ELF files, the virus creates a cave after the PHdrs, before ".text".
The virus is written in TASM and assembles and links to a Win32 PE host. This host can be used to infect other PE or ELF files.
The virus is built with Borland 'make' - see <'make' commands>.
- Best wishes: JPanic (aka Sepultura, aka The Soul Manager)!.
Donate