Caline | |
---|---|
Type | File virus |
Creator | Cyneox |
Date Discovered | 17-JUL-2004 |
Place of Origin | Germany |
Source Language | Assembly |
Platform | Linux |
File Type(s) | ELF |
Infection Length | 18,557 bytes |
Caline, also known as Lin32.Caline or Nel, is a 32-bit Linux virus by Cyneox. It was written in a combination of C and inline Assembly. It appeared in the first and only issue of Dark Coderz Alliance (DCA) zine.
Behavior
The original version of Caline requires that the user select a file for infection. Once selected, Caline opens the target file and maps it to memory. It then makes sure the file is an ELF file before infecting. It then looks for the necessary load segments. It then infects the file, patching the entry point address, the program header, and the sections header. It then creates a temporary file named Caline&Cyneox[2004].tmp, which stores the pure virus code that is then written to the target file after the code segment.It then renames the Caline&Cyneox[2004].tmp file to its original name and closes the target file.
Variants
There is one variant that doesn't take input from the user. It also displays the text "::: Caline I Miss You (Cyneox) :::". Its source code is unavailable and is difficult to replicate in our lab.
Origin
Caline was coded in 2004 by Cyneox. Most of Cyneox's work was done in Germany. The virus was coded in C with a significant portion of it being in-line assembly. Part of the name comes from its source language, a play on [C] [a]nd in[line] ASM. In his desciption of the virus, Cyneox says it took five days to complete the virus. Caline was also the name of his girlfriend and has been referenced in a few other places such as interviews and other viruses. The name spelled "câline" is also French for "cuddly".
Other Facts
The virus was used in research conducted at the Georgia Institute of Technology on black box programs.
Sources
Cyneox. CDA, Issue 1, Lin32.Caline Source Code. 2004
Second Part to Hell, Ready Rangers Liberation Front, Issue 6, Interview with Cyneox.
Ying Xia, Kevin Fairbanks, and Henry Owen. School of Electrical and Computer Engineering, Georgia Institute of Technology, Establishing Trust in Black-Box Programs.