Subscriptions | RSS Feeds | Discussions | Polls | Site Map


All Threats	Viruses	Hackers	Spam

Whole site

Viruses

File and Boot Viruses

If Your Computer Is Infected

Malware Description Search

Home / Viruses / Virus Encyclopedia / Malware Descriptions / Classic Viruses / File and Boot Viruses

Virus.Linux.Diesel.962

Aliases
Virus.Linux.Diesel.962 (Kaspersky Lab) is also known as: Linux.Diesel.962 (Kaspersky Lab), Linux/Diesel.dr.962intd (McAfee), Linux.Diesel (Symantec), Linux/Diesel (Grisoft), Linux/Diesel.B (Panda)

Description added Feb 08 2002

Behavior Virus

Technical details

This is a relatively harmless, non-memory resident parasitic virus. It searches for Linux executable files in system directories and subdirectories, then writes itself to the middle of the file. Before searching files, the virus reads its code from the host file. It moves the original bytes to the end of the file and increases the size of the previous section.

 File before infecting          File after infecting:

 ---------------                ---------------
 ƒ   Header    ƒ                ƒ   Header    ƒ
 +-------------+                +-------------+
 ƒ             ƒ                ƒ             ƒ
 ƒ             ƒ                ƒ             ƒ
 ƒ             ƒ                ƒ             ƒ
 +-------------+<- Entry point  +-------------+<- Entry point
 ƒProgram code ƒ                ƒ Virus code  ƒ
 +-------------+                +-------------+
 ƒ             ƒ                ƒ             ƒ
 ƒ             ƒ                ƒ             ƒ
 L--------------                +-------------+
                                ƒProgram code ƒ
                                L--------------

After finishing its work, the virus restores the host and transfers control to it. The virus contains the text string:

 / home root sbin bin opt
 [ Diesel : Oil, Heavy Petroleum Fraction Used In Diesel Engines ]

Email: webmaster@viruslist.com

All Threats

Viruses

Hackers

Spam

Virus.Linux.Diesel.962