Details
Linux.Diesel

This is a relatively harmless, non-memory resident parasitic virus. It searches for Linux executable files in system directories and subdirectories, then writes itself to the middle of the file. Before searching files, the virus reads its code from the host file. It moves the original bytes to the end of the file and increases the size of the previous section.
File before infecting File after infecting:

————— —————
? Header ? ? Header ?
+————-+ +————-+
? ? ? ?
? ? ? ?
? ? ? ?
+————-+<- Entry point +————-+<- Entry point
?Program code ? ? Virus code ?
+————-+ +————-+
? ? ? ?
? ? ? ?
L————– +————-+
?Program code ?
L————–

After finishing its work, the virus restores the host and transfers control to it. The virus contains the text string:
/ home root sbin bin opt
[ Diesel : Oil, Heavy Petroleum Fraction Used In Diesel Engines ]

Related Posts

This entry was posted on Wednesday, December 31st, 2008 at 12:15 pm and is filed under Virus Threats.