|Place of Origin|
|Infection Length||1,627 bytes|
When executed, Rike searches for ELF files in the current directory to infect. It uses the sys call Int 80h to obtain services from the Linux kernel. The virus scans sections with the attribute SHT_PROGBITS and increases the size of the last section, writing itself to the free space.
It then writes a jump command to its entry point address. Finally, it writes its label to the ELF header, including the string "RIKE".
Spyware32. Linux.Rike.162 Viruses Information.