
The ELF Virus Writing Howto (2003) - DyslexicAtheist
http://www.linuxsecurity.com/resource_files/documentation/virus-writing-HOWTO/_html/index.html
======
lucideer
Also curious (as a flagged sibling commenter) about the lack of a HTTPS
version of this site—which seems to have user accounts.

The site also has this cute badge in the bottom left: "Powered By En Garde.
Secure by Design. Secure By Default".

En Garde seems to be a Linux distro, so I get that they're talking about the
security of the server OS itself, and not about securing users connecting to
that web server, but surely the former should serve the latter?

Ironically, the very first HN submission from this site is entitled "OpenSSL
vulnerability", so they're at least aware that SSL exists, and is related to
the concept of security.

~~~
dustfinger
>Also curious (as a flagged sibling commenter) about the lack of a HTTPS
version of this site

They do have an ssl/tls endpoint.
[https://www.linuxsecurity.com/](https://www.linuxsecurity.com/)

They have port 443 forwarded to a different site though.

In defense of author of the linked article; he probably has nothing to do with
the management of the site.

~~~
lucideer
> _In defense of author of the linked article; he probably has nothing to do
> with the management of the site._

True. And since the original author's copy[0] openly invites mirrors (and is
no longer maintained, since the author has died), it's fine for them to rehost
it. I just found their website somewhat odd.

[0] [http://virus.bartolich.at/virus-writing-
HOWTO/_html/mirrors....](http://virus.bartolich.at/virus-writing-
HOWTO/_html/mirrors.html)

~~~
dustfinger
I didn't realize that he died. I read that article years ago. Life is short.
Thanks for letting me know.

------
bediger4000
Has anybody ever worked through this and ended up with a working ELF virus?
How complete is it?

~~~
sebcat
The following:

[http://www.linuxsecurity.com/resource_files/documentation/vi...](http://www.linuxsecurity.com/resource_files/documentation/virus-
writing-HOWTO/_html/additional.cs.html#AEN1431)

is implemented here:

[https://freeshell.de/~swestres/code/infect_ELF.html](https://freeshell.de/~swestres/code/infect_ELF.html)

Of course, you need w permissions to the elf you want to write to.

------
ZoomStop
Looks like the article was deleted

~~~
dustfinger
nope, it is still there, but you won't see it if you are using https
everywhere addon. Port 443 is being forwarded to a different site and the
linked article does not exist on that site. You can only view the article on
port 80 (no https).

