Type File virus
Creator Cyneox
Date Discovered 17-JUL-2004
Place of Origin Germany
Source Language Assembly
Platform Linux
File Type(s) ELF
Infection Length 18,557 bytes

Caline, also known as Lin32.Caline or Nel, is a 32-bit Linux virus by Cyneox. It was written in a combination of C and inline Assembly. It appeared in the first and only issue of Dark Coderz Alliance (DCA) zine.


The original version of Caline requires that the user select a file for infection. Once selected, Caline opens the target file and maps it to memory. It then makes sure the file is an ELF file before infecting. It then looks for the necessary load segments. It then infects the file, patching the entry point address, the program header, and the sections header. It then creates a temporary file named Caline&Cyneox[2004].tmp, which stores the pure virus code that is then written to the target file after the code segment.It then renames the Caline&Cyneox[2004].tmp file to its original name and closes the target file.


There is one variant that doesn't take input from the user. It also displays the text "::: Caline I Miss You (Cyneox) :::". Its source code is unavailable and is difficult to replicate in our lab.


Caline was coded in 2004 by Cyneox. Most of Cyneox's work was done in Germany. The virus was coded in C with a significant portion of it being in-line assembly. Part of the name comes from its source language, a play on [C] [a]nd in[line] ASM. In his desciption of the virus, Cyneox says it took five days to complete the virus. Caline was also the name of his girlfriend and has been referenced in a few other places such as interviews and other viruses. The name spelled "câline" is also French for "cuddly".

Other Facts

The virus was used in research conducted at the Georgia Institute of Technology on black box programs.


Cyneox. CDA, Issue 1, Lin32.Caline Source Code. 2004

Second Part to Hell, Ready Rangers Liberation Front, Issue 6, Interview with Cyneox.

Ying Xia, Kevin Fairbanks, and Henry Owen. School of Electrical and Computer Engineering, Georgia Institute of Technology, Establishing Trust in Black-Box Programs.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License