
Originally in Russian from a journal log in 2017, it's a story of how a Linux user tried to download and run a virus but literally couldn't. The story has been translated and has become a meme within the Linux community.
Downloaded the virus for Linux.
Unzipped it.
Installed it under root.
It didn't start. Spent 2 hours googling. Realised that the virus instead of /usr/local/bin installed itself into /usr/bin where user malware does not have the write permissions. That's why the virus could not create a process file.
Found the patched .configure and .make files on the Chinese site. Recompiled, reinstalled. Virus announced that it needs the cmalw-lib-2.0 library. Found out that cmalw-lib-2.0 only exists for CentOS, but not for Ubuntu. Googled for a couple of hours, found a manual on how to compile a .deb from source. Compiled, installed, virus happily started, beeped in a speaker and terminated with a core dump.
The hour I spent reading syslog (via Papertrail) told me that the virus thought I have ext4 and called its api to encrypt the disk. This api is deprecated in btrfs, that's why Linux realised that inconsistency and made the partition read-only.
Opened the virus source code, grep'ped the bitcoin wallet and sent $5 just out of compassion.
Went to bed...
Downloaded malware for Linux lately and unpacked it.
Tried to run it as root, didn't work.
Googled for 2 hours, found out that instead of /usr/local/bin the virus unpacked to /usr/bin for which the user malware doesn't have any write permissions, therefore the malware couldn't create a process file.
Found patched .configure and make files on some Chinese forum, recompiled and reran it.
The malware said it needs the library cmalw-lib-2.0. Turns out cmalw-lib-2.0 is shipped with CentOS but not with Ubuntu. Googled for hours again and found an instruction to build a .deb package from source.
The malware finally started, wrote some logs, made a core dump and crashed. After 1 hour of going through the logs I discovered the malware assumed it was running on ext4 and called into its disk encryption API. Under btrfs this API is deprecated. The kernel noticed and made this partition read-only.
Opened the sources, grep'ed the Bitcoin wallet and sent $5 out of pity.
I downloaded a malware binary for Linux lately and unpacked it. Tried to run it as root, but it didn't work. Googled for 2 hours and found out that instead of /usr/local/bin, the malware unpacked to /usr/bin, for which it doesn't have any write permissions. I found a patched .configure and .make file on some Chinese forum, recompiled and re-ran it, but the malware said it needed the cmalw-lib2.0 library, which ships with CentOS but not Ubuntu. Googled for hours again and found an instruction to build a .deb package from source and installed it. The malware finally started, wrote some logs, wrote a core dump, and crashed. After 1 hour of going through the logs I discovered the malware assumed an underlying ext4 filesystem and tried to call its disk encryption API (which is deprecated under the btrfs filesystem I use) - the kernel noticed and made the partition read-only to the process. So I got fed up, opened the sources, grep'ed the Bitcoin wallet and sent $5 out of pity.
Windows rules and Linux sucks… or, on an attempt to install a virus on Linux
Downloaded some viruses for my Linux box.
Unpacked them.
Installed them as root.
They wouldn't start. Googled for two hours; it turned out that instead of /usr/local/bin the viruses had gone into the /usr/bin folder, to which the user malware has no write permission, so the virus can't create its process file. Found a patched .configure and .make on a Chinese site, rebuilt, reinstalled.
The virus announced that it needed the cmalw-lib-2.0 library. It turned out cmalw-lib-2.0 ships for CentOS, but there was none for Ubuntu. Googled for two hours, found instructions on how to build a .deb package of the library from source. Built it, installed it; the virus happily started, beeped the speaker and made a core dump.
An hour of reading syslog showed that the virus thought I had ext4 and was calling its API for disk encryption. In btrfs this API is deprecated, so Linux, noticing this indecency, switched the partition to read-only.
In a fit of temper I opened the virus's sources, grep'ped the bitcoin wallet, sent $5 there out of pity and went to bed...