A fork bomb, also called a wabbit or rabbit virus, is crafted by malicious hackers to launch a denial-of-service attack on the target system. The virus replicates itself and exhausts the available system resources. It slows down the performance of the system and can sometimes cause system crashes due to resource starvation.
Fork bomb viruses function in two different ways
A fork bomb works in two ways as it forks: by using up CPU processing time, and by slowing down the operating system. It is an infinite process in which copies of itself are launched repeatedly.
On a system running a Unix operating system, fork bombs are written to exploit the fork system call. Forked processes are generally copies of the first program; once a copy starts executing from the new address at the frame pointer, the forking continues and produces multiple copies, so the number of processes keeps growing.
A fork bomb generates a huge number of processes in a short time in order to fill up the space in the set of process slots that the computer's operating system maintains. Once the process slots are saturated, no new program can start until other processes terminate. Even when the space is not saturated, a genuine program has little chance of starting, because the fork bomb reserves the space for a new copy of itself, and the cycle goes on like an infinite loop.
The fork bomb does not only use space in the process table; its new copies also use processor time and memory. This slows the system down, and programs that are already running become unresponsive and challenging, almost impossible, to use.
Fork bombs can be prevented only by limiting the number of processes that a user can own. This can be done in the following ways:
Use the ulimit setting of Unix/Linux to limit the number of processes a user can create.
For instance, ulimit -u 30 restricts the user to creating and owning only 30 processes. However, there is a constraint: the command is specific to the session, so the ulimit has to be set again once the session ends.
Implement process limits across the whole system with the /etc/security/limits.conf file. This is the most common method, since it makes it easy to deploy the setting across all profiles and therefore reduces the risk involved in altering each user's profile settings.
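As an added illustration (not part of the original article), the Python sketch below audits the text of a limits.conf file and reports the hard nproc cap that applies to a given user. The function names, the sample entries and the simplified precedence rule are assumptions made for this example; it reflects the documented pam_limits behaviour that wildcard and group entries are not applied to root.

```python
UNLIMITED = {"unlimited", "infinity", "-1"}

def parse_nproc(text):
    """Return (domain, type, limit) for each nproc entry; limit None = unlimited."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) != 4 or fields[2] != "nproc":
            continue
        domain, ltype, _, value = fields
        if value in UNLIMITED:
            limit = None
        elif value.isdigit():
            limit = int(value)
        else:
            continue                             # malformed value: ignore line
        if ltype in ("soft", "hard", "-"):
            entries.append((domain, ltype, limit))
    return entries

def hard_nproc(text, user, groups=()):
    """Hard nproc cap for user, or None when nothing caps the user.
    Simplified precedence (assumption of this example): user entry beats
    @group entry beats '*'; later lines win ties; root needs its own entry."""
    best_rank, best = -1, None
    for domain, ltype, limit in parse_nproc(text):
        if ltype == "soft":
            continue        # a user can raise a soft limit up to the hard one
        if domain == user:
            rank = 2
        elif domain.startswith("@") and domain[1:] in groups and user != "root":
            rank = 1
        elif domain == "*" and user != "root":
            rank = 0
        else:
            continue
        if rank >= best_rank:
            best_rank, best = rank, limit
    return best

SAMPLE = """\
# constructed sample entries, not taken from a real host
*          hard  nproc  30
*          soft  nproc  20
@builders  hard  nproc  200
dbadmin    -     nproc  unlimited
"""

if __name__ == "__main__":
    users = [("alice", ()), ("bob", ("builders",)), ("dbadmin", ()), ("root", ())]
    print({u: hard_nproc(SAMPLE, u, g) for u, g in users})
```

A result of None for an account means no hard process cap was found for it, so that account is the one to review first.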
It should also be considered that even when the limits.conf setting is done correctly, hackers may be capable of gaining administrative privileges and infecting the system with a fork bomb attack.
Even with the latest and most advanced operating systems, there is no method that completely prevents fork bombs. However, implementing basic security best practices, safeguarding the system by denying suspicious software the ability to run as root, and above all using effective virus removal tools can stop a majority of fork bomb attacks.