WRITING A LINUX VIRUS WITH LKM

Abstract

A virus is a program that can replicate with little or no user intervention, and whose replicated copies can replicate further. Writing a good virus is challenging. The best viruses are written in the C language and built as an executable file from C source code that plants virus code into another executable. The result is either prohibitively large or very dependent on the completeness of the target installation. Real viruses approach the problem from the other end: they are aggressively optimized for code size and do only what is absolutely necessary. However, this approach has some limitations, and the solutions to these limitations are complicated and make the virus more likely to fail. This paper presents the design and implementation of a virus that runs on the Linux operating system as a loadable kernel module (LKM), to overcome the limitations of developing the virus as a C program. This virus can infect Linux modules in addition to executable files.