Linux malware includes Trojans, viruses, worms, and other types of malware that surface to the core Linux operating system. More than 50% of web servers on the Internet run some version of Linux. According to Kaspersky, Alaeda malware is a non-resident virus. It infects systems running Linux and is written in Assembler. It infects files in ELF format in the current directory.
When infecting, the virus modifies the entry point of the original file, passing control to the infection routine. Modified the ELF header of the file.
The .text section of the file to be infected must have a minimum size to inject malicious code so that the virus then writes its body in the .text section; the size of the infected file will not change, making it difficult to detect the infection. Once the virus body has delivered its payload, control returns to the program code.
