Linux/Tcl.Darkness
Analysis
- Virus is script-based and appends its code to other files
- Virus is coded in Tcl, a script-based language primarily for Unix operating systems
- If the virus script is initiated, it will attempt to first open all files for reading and scan each file for the text "#!/usr/bin/env wish"
- For every file not containing this text, the virus will open that file for appending and attempt to append its code to that file
- The virus also modifies the .bashrc environment control file such that text is displayed when a bash command is executed:
Lying here
future unclear
all I know
before the curtain dropped
you left the show..
Shallow water
rippled by tears
shallow water
mirrors my fear
silent raindrops
soothen my skin
still the answers
stay locked down within'(Sylver - Shallow water)'
- The virus also modifies the .bash_profile configuration file such that the following text is displayed:
Your world has spikes on his back and he wants to lay down on you
Don't like what I say, you best not go away
Take a look into my bag of wonders
I'll pull out something special just for you
Don't tell anyone
It'll be our secret
A weak and tainted soul I stole from you know who
You want to buy it back I'll have to charge you for two
I sell society
You won't hear lies from me
I'll tell you everything you want to hear
I sell society
You won't hear lies from me
I'll sell you everything you want to buy'(Godhead - I sell society)'
- The virus script contains the string "#Darkness" in its code
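
A defensive check built from the indicators listed above, as an added example that is not part of the original write-up: it walks a directory tree, flags files containing "#Darkness", and flags .bashrc or .bash_profile files containing the attribution strings shown above. The finding labels, the SAMPLES files and the 4 MiB read cap are assumptions; the sample files are constructed and hold only the indicator strings.

```python
import os
import tempfile

# Indicator strings quoted in the write-up above.
CODE_MARKER = b"#Darkness"
WISH_LINE = b"#!/usr/bin/env wish"
RC_TEXT = {".bashrc": b"(Sylver - Shallow water)",
           ".bash_profile": b"(Godhead - I sell society)"}
# Constructed sample files: indicator strings only, no virus code.
SAMPLES = {"clean.sh": b"#!/bin/sh\necho hi\n",
           "host.sh": b"#!/bin/sh\necho hi\n#!/usr/bin/env wish\n#Darkness\n",
           "carrier.tcl": b"#!/usr/bin/env wish\n#Darkness\n",
           ".bashrc": b"echo '(Sylver - Shallow water)'\n"}

def classify(path):
    """Return heuristic findings (possibly empty) for one regular file."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(4 << 20)  # assumption: 4 MiB read cap per file
    except OSError:
        return ["unreadable"]  # surface coverage gaps instead of hiding them
    findings = []
    if CODE_MARKER in data:
        # Marker in a file that does not start with the wish line: likely a host.
        kind = "wish-script" if data.startswith(WISH_LINE) else "appended"
        findings.append("marker-" + kind)
    rc_text = RC_TEXT.get(os.path.basename(path))
    if rc_text and rc_text in data:
        findings.append("rc-display-text")
    return findings

def scan_tree(root):
    """Map relative path -> findings for every flagged file under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                found = classify(path)  # regular files only, no symlinks
                if found:
                    hits[os.path.relpath(path, root)] = found
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        print(scan_tree(tmp))
```

A hit is a lead for manual review, not a verdict: any file that merely quotes these strings will also match.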