Ohayo! It's Dilan!
So you decided to play a little bit with your computer? Maybe to punish it, or maybe to see its limits. Whatever the case, today we will be taking a look at one of the simplest yet most elegant ways to crash (almost) any computer on this earth.
So what the heck is a fork bomb? A bomb in the shape of a fork? Nah, though you were close. A fork bomb is the kind of attack where a program uses recursion to create copies of itself; each newly created node in turn becomes a parent and creates other child nodes, until the computer has no more resources to continue. Then it stops, freezes, or behaves in an unexpected way!
Let's see what exactly that fork bomb is in practice. We will start with the following image to motivate and better help you picture what's happening.
As you can see from the image, each time one of the bombs is created, it automatically creates two other copies of itself, over and over again.
But okay, so we have mutant software..? What makes it elegant?
Thanks for the question. What I found really elegant here is how easy it is to write and test the fork bomb; also, most modern programming languages come with a function, class or method that already provides the same result when called.
Now then, let's take a closer look at the composition of our elegant malware:
:(){:|:&};:
And that's it, yes... that is our 11-character-long malware. Elegant, isn't it??
It may seem really complicated at first, like some high level of low-level programming, but that's not it. It's actually just simple function notions and a little bit of a Linux-like env.
:() { # start of the function
:|:& # body: the function calls itself, creating recursion
}; # End of the function
: # function calling
Note that here we are using | (piping, to pass output as new input) and & to send the running process to the background. Because both sides of the pipe are started, every call launches two new copies of the function.
Why do you think we need to send it to the background? What will happen if we just don't? I will let you find out for yourself!
Soo, no way to stop/avoid it? Unfortunately (or fortunately), once you launch a fork bomb, the only thing you can do to stop it is to restart the system!
But why can't we just kill it directly? Because to do so we would need to kill all of its clones, and without full permissions (like super admin) it will be difficult to get a program to stop the fork bomb, because that program too will need the resources that are quickly being taken away by the fork bomb.
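On the "avoid" side of that question: a finite per-user process limit (what `ulimit -u` reports in bash) makes the system refuse new forks once the cap is reached, and a process snapshot shows the runaway early. The following is an added example, not part of the original post; the `ps` sample is constructed, and the function names and the threshold of 5 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): spot fork-bomb-like growth in a
# process snapshot and check that a per-user process cap is in place.

# Constructed sample shaped like `ps -eo user,pid,ppid,comm` output.
sample_ps() {
cat <<'EOF'
USER   PID  PPID COMMAND
root     1     0 systemd
alice  900     1 bash
alice  901   900 vim
bob   1200     1 bash
bob   1201  1200 bash
bob   1202  1200 bash
bob   1203  1201 bash
bob   1204  1201 bash
bob   1205  1202 bash
bob   1206  1202 bash
EOF
}

# runaway_groups THRESHOLD: read a ps snapshot on stdin and print
# "user command count" for every user/command pair above THRESHOLD.
runaway_groups() {
    awk -v t="$1" '
        NR > 1 { n[$1 " " $4]++ }
        END { for (k in n) if (n[k] > t) print k, n[k] }
    ' | sort
}

# limit_is_bounded VALUE: succeed only if VALUE (as printed by bash's
# `ulimit -u`) is a finite number, i.e. fork will eventually be refused.
limit_is_bounded() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # "unlimited", empty or not a number
        *) return 0 ;;
    esac
}

# Threshold of 5 is an assumption sized for the tiny sample above.
sample_ps | runaway_groups 5

# Report the current shell's cap; shells without `ulimit -u` yield "unknown".
lim=$(ulimit -u 2>/dev/null) || lim=unknown
if limit_is_bounded "$lim"; then
    echo "per-user process cap: $lim"
else
    echo "no finite per-user process cap ($lim)"
fi
```

On a live system, feed `ps -eo user,pid,ppid,comm` into `runaway_groups` with a threshold that fits the host's normal workload.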
All Unix, Linux, or Unix-like operating systems are potentially vulnerable to a fork bomb attack, including but not limited to Ubuntu, Debian, Red Hat, or AIX.
Windows operating systems, on the other hand, are not vulnerable to a traditional fork bomb attack, as they are unable to fork other processes. To create an attack similar to a fork bomb on Windows, a set of new processes needs to be rapidly created. This requires more complex programming than a traditional fork bomb (except if you have either a Bash/Linux terminal or WSL).
Note that everything shown here is for learning purposes only; don't try it on a machine that's not your own!
It was Dilan, GDGoC (Google Developer Groups On Campus) Lead. See you soon!