
The FILE Virus is a simple UNIX virus written by Silvio Cesare. It uses file infection for replication. To understand this method, imagine the following:

# cat host >> parasite
# ./parasite

In this example, although the functionality of the host has been lost, the host is still intact within the new parasite. If the parasite knows its own size, it can manually extract the host from the file and execute it. The FILE Virus does this, but before executing the original host it forks, putting the exec function in the child process and waiting in the parent. It does this so it can clean up the temp file used for extracting the host.

It propagates by direct infection: it infects executables in the current directory. This virus is not strip safe; stripping an infected program will strip the original host, leaving only the virus and making for an unrecoverable infection. To avoid reinfecting the same host, a "magic" number is appended to the end of the file; this number is then checked in the infection routine.
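Because the host is appended after the parasite, an infected file carries data past everything its ELF headers describe, and that trailing data contains a second ELF header. The Python check below is an added example for detection, not code from the virus or its author; the function names and the constructed sample bytes are assumptions for illustration.

```python
import struct

ELF = b"\x7fELF"

def elf_image_end(data):
    """Offset just past the last byte the ELF headers account for."""
    if len(data) < 64 or data[:4] != ELF:
        raise ValueError("not an ELF file (or too short to parse)")
    is64, e = data[4] == 2, "<" if data[5] == 1 else ">"
    if is64:
        phoff, shoff = struct.unpack_from(e + "QQ", data, 0x20)
        phsz, phnum, shsz, shnum = struct.unpack_from(e + "4H", data, 0x36)
        w, p_at, s_at = "Q", (0x08, 0x20), (0x18, 0x20)
    else:
        phoff, shoff = struct.unpack_from(e + "II", data, 0x1C)
        phsz, phnum, shsz, shnum = struct.unpack_from(e + "4H", data, 0x2A)
        w, p_at, s_at = "I", (0x04, 0x10), (0x10, 0x14)
    end = max(64 if is64 else 52, phoff + phsz * phnum, shoff + shsz * shnum)
    for i in range(phnum):  # file-backed extent of each segment
        base = phoff + i * phsz
        off, = struct.unpack_from(e + w, data, base + p_at[0])
        fsz, = struct.unpack_from(e + w, data, base + p_at[1])
        end = max(end, off + fsz)
    for i in range(shnum):  # sections; SHT_NOBITS (8) occupies no file bytes
        base = shoff + i * shsz
        stype, = struct.unpack_from(e + "I", data, base + 4)
        off, = struct.unpack_from(e + w, data, base + s_at[0])
        size, = struct.unpack_from(e + w, data, base + s_at[1])
        if stype != 8:
            end = max(end, off + size)
    return end

def scan(data):
    """Report bytes past the ELF image and any second ELF header in them."""
    end = elf_image_end(data)
    overlay = data[end:]
    hit = overlay.find(ELF)
    return {"image_end": end, "overlay_bytes": len(overlay),
            "embedded_elf_at": end + hit if hit >= 0 else None}

def sample_elf(body=bytes(16)):
    """Constructed minimal ELF64 image: header, one PT_LOAD, then body."""
    size = 64 + 56 + len(body)
    ehdr = ELF + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0x400078, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, size, size, 0x1000)
    return ehdr + phdr + body
```

A non-zero `overlay_bytes` alone is only a hint, since installers and some packers also append data; an `embedded_elf_at` hit in the overlay is the stronger signal for this layout.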