Jump to content
Tuts 4 You

Dual OS Virus


cyb3rl0rd1867

Recommended Posts

cyb3rl0rd1867

I recently heard about w32/simile virus that was dangerous for both linux and windows. More info here. I was curious to know what the header of such a file would look like, since microsoft uses Pe headers and linux uses elf headers. How would it be possible to make it compatible with both?

Link to comment

I recently heard about w32/simile virus that was dangerous for both linux and windows. More info here. I was curious to know what the header of such a file would look like, since microsoft uses Pe headers and linux uses elf headers. How would it be possible to make it compatible with both?

It sounds like you're expecting the virus to exist as a single file on disk which would somehow be executable on both systems. This is not how it works. The virus is simply code in an infected file. There is no external file that is used.

When you introduce an infected file to a system, the virus will search for other files in both formats. Whichever format is found causes the virus to run the appropriate code: if Linux, run Linux infection; if Windows, run Windows infection.

Link to comment
cyb3rl0rd1867

But the external virus file would only be compatible with one OS, correct?

Edited by cyb3rl0rd1867
Link to comment

But the external virus file would only be compatible with one OS, correct?

The infected file is compatible with only one OS, but the virus code inside it can search for files in either format.

It works this way:

An infected file for the current OS is executed. The virus code then searches for both Linux and Windows files on that system, and infects them regardless of which OS is active.

If the resulting infected file is for the current OS, then it can execute on that OS.

If the resulting infected file is for the other OS, then it cannot be run until it is copied onto that OS.

There is no single file that can run on both systems.

Link to comment

maybe can be a java code, or batch code ..... but for pdf maybe is a autorun.inf in the usb, and the exe can be any link to dowload in temp o similar..

the other nfo was sayed by peter ferrie :) greetings..

i think thats not run in the other os, only can drop files..

because the text say

smile say Type: Directs action Win32

but peter is 100% in the way because:

Peter Ferrie is a Senior Virus Researcher at Symantec Security Response. He specializes in the

detection and repair of Win32 malware, reverse-engineering file formats, and the development of

engine enhancements for Symantec AntiVirus products.

Peter contributes to Virus Bulletin magazine. He joined the Computer Antivirus Research

Organisation (CARO) in 2001.

Edited by apuromafo
Link to comment
  • 5 months later...

A while back there was a client side exploit in the latest version of firefox (3.5.0 i think) that worked well on all OS's, the only thing the attacker needed to do, was have a simple if() on a malicious php page that found the OS through the user agent, and deployed the corresponding shellcodes

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...