Silvio | |
---|---|
Type | File virus |
Creator | Silvio Cesare |
Date Discovered | 2000 |
Place of Origin | Australia |
Source Language | C |
Platform | Linux |
File Type(s) | ELF |
Infection Length | 7,381 bytes |
Silvio is a harmless non-resident Linux virus. It was coded in C in Australia in 2000 by Silvio Cesare and appeared in the first issue of Matrix Zine.
Behavior
When executed, Silvio searches for a random number of ELF files (between 1 and 4) in the current directory. It checks to see if each file is smaller than the length of the virus, and if so, avoids infecting it. On finding them, it prepends itself to the beginning of the file. It also appends the 4 bytes, 40h E2h 01h 00h, which it uses as an identifier. There is a 1 in 5 probability it will display the text on every execution: "THE FILE VIRUS - Silvio Cesare".
In order to launch the carrier file, Silvio creates a temporary file and writes the body of the file into it. The virus uses the fork() system function to start a child process. The child process executes a temporary file. The main process sleeps and waits for the child to finish. After the child process terminates, the main process deletes the temporary file and terminates.
Usually, infected files remain functional.
Origin
The virus references its creator, Silvio Cesare, an Australian security researcher with a great deal of interest in Linux. He created at least on variant, functionally similar to the original. He was also responsible for the Siilov and Vit viruses. It appeared along with Siilov and Vit in Matrix Zine issue 1. It was a strong influence on the Lx2k2 virus.
Sources
Журнал «Хакер», *nix-вирусы. 16-NOV-2001
Matrix Zine, Issue 1