Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fedi.nlpagan.net/objects/0b7e296f-25c8-4af6-8834-2eba7ee6da8e">Paul (paul@fedi.nlpagan.net)'s status on Monday, 14-Aug-2023 02:03:55 JST</a><a href="https://fedi.nlpagan.net/users/paul" title="paul@fedi.nlpagan.net"><img src="https://gnusocial.jp/avatar/120277-48-20230812015205.webp" width="48" height="48" alt="Paul" style="position: absolute; left: 0; top: 0;">Paul</a></section><article><a href="https://fedi.nlpagan.net/tag/linux">#linux</a> <a href="https://fedi.nlpagan.net/tag/virus">#virus</a> <a href="https://fedi.nlpagan.net/tag/lol">#lol</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1943775#notice-3815761">In conversation</a><time datetime="2023-08-14T02:03:55+09:00" title="Monday, 14-Aug-2023 02:03:55 JST">about a year ago</time> <span>from <span><a href="https://fedi.nlpagan.net/objects/0b7e296f-25c8-4af6-8834-2eba7ee6da8e" rel="external" title="Sent from fedi.nlpagan.net via ActivityPub">fedi.nlpagan.net</a></span></span><a href="https://fedi.nlpagan.net/objects/0b7e296f-25c8-4af6-8834-2eba7ee6da8e">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1402523">By Roman Sharkov SanDownloaded a virus for Linux lately and
unpacked it.
Tried to run it as root, didn't work.
Googled for 2 hours, found out that
instead of /usr/local/bin the virus
unpacked to /usr/bin for which the
user malware doesn't have any write
permissions, therefore the virus couldn't
create a process file.
Found patched . configure and .make
files on some Chinese forum, recompiled
Tem Cee
The virus said it needs the library
cmalw-lib-2.0. Turns out
cmalw-lib-2.0 is shipped with CentOS
but not with Ubuntu. Googled for hours
again and found an instruction to build
a .deb package from source.
The virus finally started, wrote some
logs, made a core dump and crashed.
After 1 hour of going through the logs
| discovered the virus assumed it was
running on ext4 and called into its disk
encryption API. Under btrfs this API
is deprecated. The kernel noticed and
made this partition read-only.
Opened the sources, grep'ed the Bitcoin
wallet and sent $5 out of pity.</a></label><br><a href="https://media-akkoma-fedi-nlpagan-net.ilja.space/media/95eeed9c-a1f0-4ef9-ae79-228ff42258a7/virus.jpg" rel="external">https://media-akkoma-fedi-nlpagan-net.ilja.space/media/95eeed9c-a1f0-4ef9-ae79-228ff42258a7/virus.jpg</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Paul (paul@fedi.nlpagan.net)'s status on Monday, 14-Aug-2023 02:03:55 JST Paul
#linux #virus #lol
In conversationabout a year ago from fedi.nlpagan.netpermalink
Attachments
1. By Roman Sharkov San Downloaded a virus for Linux lately and unpacked it. Tried to run it as root, didn't work. Googled for 2 hours, found out that instead of /usr/local/bin the virus unpacked to /usr/bin for which the user malware doesn't have any write permissions, therefore the virus couldn't create a process file. Found patched . configure and .make files on some Chinese forum, recompiled Tem Cee The virus said it needs the library cmalw-lib-2.0. Turns out cmalw-lib-2.0 is shipped with CentOS but not with Ubuntu. Googled for hours again and found an instruction to build a .deb package from source. The virus finally started, wrote some logs, made a core dump and crashed. After 1 hour of going through the logs | discovered the virus assumed it was running on ext4 and called into its disk encryption API. Under btrfs this API is deprecated. The kernel noticed and made this partition read-only. Opened the sources, grep'ed the Bitcoin wallet and sent $5 out of pity.
  https://media-akkoma-fedi-nlpagan-net.ilja.space/media/95eeed9c-a1f0-4ef9-ae79-228ff42258a7/virus.jpg

Public

Embed Notice

HTML Code

Corresponding Notice