Linux Virus: ELF_SNOOPY


Techguy
December 4, 2000, 09:18 pm
ELF_SNOOPY
Risk rating: Low risk
Virus type: Elf Executable
Destructive: N

Aliases: SNOOPY

Description:
This virus infects Unix files by overwriting them with its code and renaming the original host file (the uninfected file) with an extension of .X23. It is similar to ELF_X23 except for some additional characteristics. This virus creates a new directory where the files with .X23 extensions are found, and it also adds the user name "snoopy" to the master password list.

In the wild: No
Trigger condition 1: Upon execution
Payload 1: Others (adds new extension to files and creates new directory)
Detected by pattern file#: 813
Detected by scan engine#: 5.170
Language: English
Platform: Linux
Encrypted: No
Size of virus: 17,937 Bytes

Details:
Upon execution, this virus searches the current directory for Unix files and creates the directory ^E. Then it checks if a file has an extension .X23 and if it is executable in the user group. If the file does not have the .X23 extension, the virus adds it to the file. This file then serves as a copy of the original host file.

After this, the virus copies its code to the original host file and changes the attributes of the file to readable, writable and executable for the host group, the group where the user belongs and for all other groups as well.

The virus also adds a user name "snoopy" for every file it infects and updates this in the master password. It moves all infected host files with the extension .X23 to the ^E directory.

------------------
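A triage check for the traces described in the post above, as an added example that is not part of the original post or the vendor write-up. It assumes "^E" means either Ctrl-E (0x05) or a literal caret plus E, that the "master password list" is /etc/passwd, and that an overwritten host is exactly the stated virus size; the function names are hypothetical.

```python
import os
import stat
import sys

VIRUS_SIZE = 17937           # "Size of virus" from the write-up
BACKUP_EXT = ".X23"          # extension given to the renamed original host
# The write-up prints the directory as "^E"; whether that is Ctrl-E (0x05)
# or a literal caret plus E is an assumption, so both are checked.
DROP_DIRS = {"\x05", "^E"}


def scan_tree(root):
    """Walk root and return sorted (kind, path) findings for on-disk traces."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d in DROP_DIRS:
                findings.append(("drop_dir", os.path.join(dirpath, d)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.endswith(BACKUP_EXT):
                findings.append(("x23_backup", path))
                continue
            try:
                st = os.lstat(path)
            except OSError:
                continue
            # Heuristic (assumption): an overwritten host is a regular file,
            # mode rwxrwxrwx, exactly the size of the virus body.
            if (stat.S_ISREG(st.st_mode)
                    and stat.S_IMODE(st.st_mode) == 0o777
                    and st.st_size == VIRUS_SIZE):
                findings.append(("overwritten_host", path))
    return sorted(findings)


def scan_passwd(passwd_text, user="snoopy"):
    """Return 1-based line numbers of passwd entries whose login name is user."""
    return [n for n, line in enumerate(passwd_text.splitlines(), 1)
            if not line.startswith("#") and line.split(":", 1)[0] == user]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, path in scan_tree(root):
        print(f"{kind}\t{path!r}")
    with open("/etc/passwd") as fh:   # assumed "master password list"
        for n in scan_passwd(fh.read()):
            print(f"passwd_entry\t/etc/passwd line {n}")
```

Paths are printed with `repr` so a directory named with a control character shows up as `'\x05'` instead of disappearing in the terminal.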