Challenge 5: Simple File Infector

Introduction

A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed. Although thousands of viruses exist today, only a fraction of them are really a serious threat at any given time. Nevertheless, there exists enough malware that causes significant damage to unsuspecting users and careless administrators. Hence, the virus threat has to be taken seriously by any security specialist.

The aim of this challenge is to give students some practical insight into the techniques that viruses use to infect other programs to propagate and survive.

Detailed Description

Your task is to write a simple Linux virus that infects one Linux ELF executable at a time in the directory that it is started in (and only in this directory). Your virus may be coded in any language that is available on the lab computers (e.g., scripting languages, C, etc.). Your virus may also make use of temporary files to achieve its purpose. However, if you use temporary files, then make sure that you clean up after your program (and be sure to only use the /tmp directory for these temporary files).

The "payload" of your virus is a simple message: That is, every time an infected application is started, it must print the string

    Hello! I am a simple virus!

followed by a newline character to <stdout>. The message can be printed before or after the infected program performs its normal task. For example, suppose that your simple virus has infected the executable /bin/echo. After the infection, when echo is invoked as:

    echo test

it should display:

    test
    Hello! I am a simple virus!

or...

    Hello! I am a simple virus!
    test

Needless to say, the original functionality of the host application (the program that got infected) should not change. Also, all command-line arguments should work. However, for the sake of simplicity, you can ignore environment variables (we will not test this).

Note that if an ELF file is write protected, your virus should not crash or display weird messages; instead, it should attempt to infect the next file in the current directory. When there are no clean (uninfected) ELF executables left in the current directory, then the virus will not spread any further. Note that your virus should only infect ELF executables and not executable scripts or data files. Furthermore, files that have already been infected must not be infected again (and this includes your virus dropper, see below).

To launch the virus, it must be embedded in a "bootstrap" application (a virus dropper) that is written in C and called virus.c. Once compiled and started, the virus dropper program must infect the first Linux ELF executable that it finds in the current directory. Then, when this newly infected file is executed, your virus code is supposed to run. This means that another file is infected (if possible), and the message string is printed.

Please note that whatever virus you decide to write, it must work in our lab environment. Test your virus on the lab machines and make sure that it works there before you submit it to us. Here is the Makefile that we will use to compile your application.

Hints
Deliverables

To submit your challenge solution to us, you need to follow these steps:
Administrative Information and Deadline

This is an individual project. The project is due on Thursday, 19.05.2011, 23:59:59 PST.
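
From the defender's side, the behaviour specified in the Detailed Description (ELF executables in a single directory being modified one at a time) is what file-integrity monitoring is meant to catch. The following is an added example, not part of the original assignment: the function names are hypothetical, and the sample files are constructed stand-ins written to a temporary directory.

```python
import hashlib
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file

def is_elf_executable(path):
    """Regular file with an execute bit set whose content starts with the ELF magic."""
    try:
        mode = os.lstat(path).st_mode
        if not stat.S_ISREG(mode) or not mode & 0o111:
            return False
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:  # unreadable or vanished file: skip it, do not crash
        return False

def snapshot(directory):
    """Map name -> (size, SHA-256) for each ELF executable directly in `directory`."""
    seen = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if is_elf_executable(path):
            with open(path, "rb") as f:
                data = f.read()
            seen[name] = (len(data), hashlib.sha256(data).hexdigest())
    return seen

def changed(baseline, current):
    """Names that are new or whose size/hash no longer matches the baseline."""
    return sorted(n for n, v in current.items() if baseline.get(n) != v)

def demo():
    """Constructed sample: two stand-in ELF files and a script in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in [("tool_a", ELF_MAGIC + b"A" * 64),
                           ("tool_b", ELF_MAGIC + b"B" * 64),
                           ("run.sh", b"#!/bin/sh\necho hi\n")]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
            os.chmod(os.path.join(d, name), 0o755)
        baseline = snapshot(d)
        with open(os.path.join(d, "tool_a"), "ab") as f:
            f.write(b"unexpected bytes")  # simulate any out-of-band modification
        return sorted(baseline), changed(baseline, snapshot(d))

if __name__ == "__main__":
    print(demo())
```

For the comparison to mean anything, the baseline has to be stored where the monitored account cannot write to it.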