This is a repost from my blog at Medium.
I was going through some old files when I found a malware I’d decoded while fixing someone’s PC. Back in 2013, someone had asked me to get rid of a virus they had encountered. I formatted the hard drive, and took a sample of the script that seemed to start it all.
Here is the original CDD564C.vbe.
Now I had to decode this to ore readable VBS, which I did using this script. Unfortunately, I can’t find the original reference for this script, but I’m sure a quick search on Google would suffice.
From the above step, I got this:
It is quite obvious what the malware does and how it is structured. These kind of attacks are quite easy to create and somewhat easy to get rid of as well. The structure of the code mostly is similar, where in linux they may exploit different tactics like using tmp, but overall structure is quite similar.
Let me know if you find this interesting. In future I’ll post about more recent linux based malware.