10 Replies - 1160 Views - Last Post: 21 October 2018 - 02:27 PM

#1 NeoTifa

How to make viruses for Linux?

Posted 14 October 2018 - 10:47 AM

Now that I've got your attention, I am tasked with making an antivirus for Linux for my final project in my operating systems class. I'm not really getting any hits on Google except "8 reasons why you don't need antiviruses for Linux, you'll never believe your eyes! Hackers hate him!" The most I've gotten is they have a specific signature, but I can't find out what those entail, and I'm thinking it's for obvious reasons (so nobody makes them) but how am I supposed to scan for them when I don't know what they are? Also, does anybody have any sample pseudo-viruses or false viruses that I could use to test? I can't bring myself to actually create one (if I find out how) as I will feel dirty. Also, will this research make the internet popo take me away? Thanks!


Replies To: How to make viruses for Linux?

#2 MentalFloss

Re: How to make viruses for Linux?

Posted 14 October 2018 - 12:15 PM

It seems there are AV packages that are open source, so I would start there: https://en.wikipedia...pecific_threats

#3 modi123_1

Re: How to make viruses for Linux?

Posted 14 October 2018 - 12:29 PM

Is this a project of your choosing, or given to you?

https://github.com/joxeankoret/multiav
http://www.openantiv....org/latest.php

#4 NeoTifa

Re: How to make viruses for Linux?

Posted 14 October 2018 - 12:42 PM

Both: we have to make some low-level program, and there were a few options; our group picked this one, though I fear every group will pick this one.

#5 modi123_1

Re: How to make viruses for Linux?

Posted 14 October 2018 - 12:54 PM

Ew... if this is what was picked, I'd hate to see the others.

#6 Skydiver

Re: How to make viruses for Linux?

Posted 14 October 2018 - 07:51 PM

I only did a quick scan through the links above, and I got the impression that they are mostly signature based... E.g. a file is scanned and checked to see if some byte patterns appear within the file; if they do, then it must contain a virus. Only one of them was just a big shell that ran other virus-checking engines and left how they did their checks as a black box.

On the Windows side, the better virus checkers have advanced to starting to watch the behavior of processes that are running and trying to detect suspicious behavior like repeated attempts to read or modify sensitive files, registry entries, or settings; or phone-home attempts; or opening ports; etc.
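The behavior-based approach Skydiver describes, translated to Linux, as an added example (not code from the thread or from any of the linked projects): instead of matching bytes in a file, the checker looks at what a running process does. The input here is strace-style syscall text, which is what `strace -f -e trace=file,network -p PID` prints, so the rules can be exercised offline. The sensitive-path list, the scoring weights and both traces are constructed for the example; `203.0.113.5` is a documentation address standing in for a real phone-home destination.

```python
"""Behaviour-based detection over a Linux syscall trace (strace output).

Signals, roughly the Linux counterparts of what the post above lists:
  - repeated denied attempts to open a sensitive file
  - writes to credential / persistence files
  - outbound "phone home" connections to non-local addresses
  - new listening sockets (bind + listen)
"""
import ipaddress
import re
from collections import Counter

# Constructed list: files a normal user-level process has no business touching.
SENSITIVE_PATHS = {
    "/etc/shadow", "/etc/sudoers", "/etc/ld.so.preload", "/etc/crontab",
    "/root/.ssh/authorized_keys", "/home/alice/.ssh/authorized_keys",
}
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_APPEND", "O_CREAT", "O_TRUNC"}
# Loopback and RFC 1918; anything else is treated as "the internet".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Parsers for the strace line shapes used below (open/openat, connect, bind, listen).
OPEN_RE = re.compile(
    r'^openat?\((?:AT_FDCWD, )?"(?P<path>[^"]+)", (?P<flags>[A-Z_|]+)'
    r'(?:, 0?[0-7]+)?\) = (?P<ret>-?\d+)(?: (?P<err>E[A-Z]+))?')
CONNECT_RE = re.compile(
    r'^connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((?P<port>\d+)\), '
    r'sin_addr=inet_addr\("(?P<ip>[\d.]+)"\)\}, \d+\) = (?P<ret>-?\d+)')
BIND_RE = re.compile(
    r'^bind\(\d+, \{sa_family=AF_INET, sin_port=htons\((?P<port>\d+)\), '
    r'sin_addr=inet_addr\("(?P<ip>[\d.]+)"\)\}, \d+\) = 0')
LISTEN_RE = re.compile(r'^listen\(\d+, \d+\) = 0')


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETS)


def analyze_trace(lines, threshold=5):
    """Return findings, a score and a verdict for one process's trace."""
    findings, score = [], 0
    denied = Counter()   # denied opens per sensitive path
    bound = None         # (ip, port) of the last successful bind()
    for line in lines:
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            path, flags = m["path"], set(m["flags"].split("|"))
            if path not in SENSITIVE_PATHS:
                continue
            if m["err"]:
                denied[path] += 1
                if denied[path] == 3:  # report once, on the third refusal
                    findings.append(f"repeated denied access to {path}")
                    score += 2
            elif flags & WRITE_FLAGS:
                findings.append(f"write to {path}")
                score += 4
            else:
                findings.append(f"read of {path}")
                score += 1
            continue
        m = CONNECT_RE.match(line)
        if m and m["ret"] == "0" and is_external(m["ip"]):
            findings.append(f"outbound connection to {m['ip']}:{m['port']}")
            score += 3
            continue
        m = BIND_RE.match(line)
        if m:
            bound = (m["ip"], m["port"])
            continue
        if LISTEN_RE.match(line) and bound:
            findings.append(f"listening socket on {bound[0]}:{bound[1]}")
            score += 3
            bound = None
    verdict = "suspicious" if score >= threshold else "clean"
    return {"findings": findings, "score": score, "verdict": verdict}


# Constructed trace lines in strace's output format (not a real capture).
SUSPICIOUS_TRACE = """
openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/home/alice/.ssh/authorized_keys", O_WRONLY|O_CREAT|O_APPEND, 0600) = 3
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.5")}, 16) = 0
bind(5, {sa_family=AF_INET, sin_port=htons(31337), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(5, 128) = 0
""".strip().splitlines()

BENIGN_TRACE = """
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/home/alice/notes.txt", O_RDONLY) = 3
connect(4, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
""".strip().splitlines()

if __name__ == "__main__":
    print(analyze_trace(SUSPICIOUS_TRACE))
    print(analyze_trace(BENIGN_TRACE))
```

The weights are arbitrary; the point is that none of the signals depends on the bytes of the binary, so the trailing-byte trick that defeats a file hash does nothing here. The price is that the process has to run (or be sandboxed) before anything is seen, and a legitimate backup or SSH agent will trip some of the same rules, so a real product tunes the list and thresholds per deployment.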

#7 NeoTifa

Re: How to make viruses for Linux?

Posted 15 October 2018 - 08:20 AM

Thank you all for your responses. I've done quite a bit of research, but it still feels overwhelming to me. Such is life, I guess, lol. atraub (I think that was his username) gave me a suggestion yesterday to do a vulnerability scanner instead. Sounds interesting, so I proposed it to my team. We shall see how it goes. Thank you!

#8 Radius Nightly

Re: How to make viruses for Linux?

Posted 15 October 2018 - 02:39 PM

You can use this little official false virus that all antiviruses must detect. It's a test virus that all EU antiviruses have to detect; it's simple, and it's the main test corporations use to test the main function of an antivirus (*.com, *.com.txt, virus file inside a *.zip of a *.zip).

EICAR - European Expert Group for IT-Security (Test Virus)
European Expert Group for IT-Security (ASCII)
European Expert Group for IT-Security (File)

An antivirus may have several types of searches, i.e. several different ways of scanning a file, so I guess you can pick the one you like, but don't go with the simplest (hashing/signature), even though it has the biggest database. It's pointless, because if you get a detected file, simply add 00 to its hex code at the end or modify it in any way; the same file won't lose any of its functionality, but it will become a new/different file that hasn't been detected and whose hash doesn't exist in the database, meaning it's a virus that cannot be detected by hash, because the hash doesn't exist. Simply stupid. And don't go too far, such as heuristics and virtualization; maybe something in between, like searching the beginning and/or the end of a given file, or even a whole file. Quick and full scans can be done easily.

The given EICAR can be used as your template material.

This post has been edited by Radius Nightly: 15 October 2018 - 03:08 PM


#9 baavgai

Re: How to make viruses for Linux?

Posted 16 October 2018 - 04:28 AM

NeoTifa, on 14 October 2018 - 12:47 PM, said:

they have a specific signature ... how am I supposed to scan for them when I don't know what they are?

Interesting bit of computer history. Long ago, before web browsers, in the bad old days of Usenet, BBSes, and other primitive social networks, a guy named McAfee, yes that McAfee, started to collect computer viruses. People would send him stuff they found in the wild. He formed a company, sold a company, went batshit crazy, probably killed some guy in Belize, and the rest is history.

Right, so you go to open-source projects and collect their sigs. With the caveat that a "sig" is really just a chunk of the machine code considered long enough to be identifying and unique. Sure, you could just store the whole virus, but I don't know of any company that does that. And, of course, the danger of false positives is high.

Also, and this is sneaky cool, some viruses mutate. That is, to live, they have to execute their program. However, how that program is organized can be highly variable. Think a lot of JMPs and white noise and you get the idea. This is also a cause for false positives, because now you have to look for chunks of code rather than long runs of code.
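The three matching styles discussed in this thread side by side, as an added example (not code from the thread or from any of the linked AV projects): the byte-pattern scan Skydiver describes in #6, the whole-file hash that Radius Nightly in #8 shows is defeated by appending a 00 byte, and the "chunks of code rather than long runs" idea baavgai raises above, implemented as several short fragments that must all appear in order with anything allowed between them. The sample is the public, harmless EICAR test string, so no real malware is needed; the signature "database", the fragment choice and the variant samples are constructed for the example and are not any vendor's format.

```python
"""Toy signature scanner, in the three matching styles the thread describes.

  hash_match      exact SHA-256 of the whole file (trivially evaded)
  pattern_match   one contiguous byte string anywhere in the file
  fragment_match  several short byte chunks that must all occur, in order,
                  with arbitrary bytes allowed between them
"""
import hashlib
import os
import tempfile

# EICAR test string, 68 bytes, harmless; every AV is expected to flag it.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature "database" (not any vendor's format). A real product
# ships precomputed digests; here the digest is derived from the sample.
HASH_DB = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
PATTERN_DB = {b"$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$": "EICAR-Test-File"}
FRAGMENT_DB = {"EICAR-Test-File": [b"X5O!P%@AP[4", b"EICAR-STANDARD", b"$H+H*"]}


def hash_match(data):
    return HASH_DB.get(hashlib.sha256(data).hexdigest())


def pattern_match(data):
    for pattern, name in PATTERN_DB.items():
        if pattern in data:
            return name
    return None


def fragment_match(data):
    for name, fragments in FRAGMENT_DB.items():
        pos = 0
        for fragment in fragments:
            idx = data.find(fragment, pos)
            if idx < 0:
                break
            pos = idx + len(fragment)
        else:  # every fragment found, each after the previous one
            return name
    return None


def scan_bytes(data):
    return {"hash": hash_match(data),
            "pattern": pattern_match(data),
            "fragments": fragment_match(data)}


def scan_file(path, quick_window=None):
    """Full scan, or (quick_window=N) scan only the first and last N bytes,
    the quick scan suggested in #8. A quick scan cannot hash the whole file
    and misses anything lying entirely in the middle of a large file."""
    with open(path, "rb") as fh:
        if quick_window is None:
            return scan_bytes(fh.read())
        head = fh.read(quick_window)
        size = fh.seek(0, os.SEEK_END)
        if size <= 2 * quick_window:   # small file: just scan all of it
            fh.seek(0)
            return scan_bytes(fh.read())
        fh.seek(size - quick_window)
        tail = fh.read()
    head_r, tail_r = scan_bytes(head), scan_bytes(tail)
    return {"hash": None,
            "pattern": head_r["pattern"] or tail_r["pattern"],
            "fragments": head_r["fragments"] or tail_r["fragments"]}


# Constructed variants of the sample, to show what each method survives.
SAMPLES = {
    "original": EICAR,
    "trailing-null": EICAR + b"\x00",   # the "add 00 at the end" trick from #8
    "junk-between": b"X5O!P%@AP[4" + b"\x90" * 32 + b"EICAR-STANDARD" + b"xyz" + b"$H+H*",
    "benign": b"This document merely mentions EICAR and H+H* in passing.",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:14s} {scan_bytes(data)}")
    # Quick scan versus full scan on a file whose payload sits in the middle.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"A" * 65536 + SAMPLES["junk-between"] + b"B" * 65536)
        path = tmp.name
    try:
        print("quick:", scan_file(path, quick_window=4096))
        print("full: ", scan_file(path))
    finally:
        os.unlink(path)
```

Running it shows the trade-offs the three posts argue about: the hash only fires on the byte-identical original, the contiguous pattern survives the appended null but not junk inserted into the body, and the fragment signature survives both. The fragment approach is also where baavgai's false-positive warning bites: the shorter the chunks, the more benign files contain all of them, so the "benign" sample is only missed because it lacks the first fragment.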

#10 Radius Nightly

Re: How to make viruses for Linux?

Posted 17 October 2018 - 03:34 PM

You can get some sigs from antiviruses, like the ones from Emsisoft; I don't know if they are encrypted or if Emsi simply doesn't care about the sig folder inside it. Don't forget to load all sigs into RAM before scanning to speed things up (Emsi has something like ~512MB of sigs). Quarantine shouldn't be a problem; threads to scan faster, maybe. You can find some old EEK from Emsi that's free (none of their stuff is free today, I guess; even the free version requires a license), so you can look at the portable version and the settings idea too.
All antivirus companies are well connected today; they all gather false-positive files from users as well as suspected files from email and online scanning sites (heuristics located in the EU, Russia and the USA; with some remote malware you can get it in if it's something new) to investigate, and some of them share their information with other companies. Some of them merged together and share their technologies, implementing both scanning technologies or so, but still appear as two different companies, so any sigs you find should be fine. Apart from some outdated ones and problems, they mainly fight over UI, efficiency, options, weight, speed, ADS and similar, which is based on how it works in the first place.

This post has been edited by Radius Nightly: 17 October 2018 - 03:37 PM


#11 hexagod

Re: How to make viruses for Linux?

Posted 21 October 2018 - 02:27 PM

Doesn't it take years to develop antivirus software? I don't know how they expect you to do it for a project. I thought you had to know assembly and be able to scan the code sitting in memory and going through the processor.

If I were to do it (which I wouldn't, because it'd be too time-consuming), I would get viruses, run them, and see what the assembly was doing, then figure out a way to intercept blocks of said assembly in memory and scan blocks of machine code sitting on the HDD.