Understanding the Fork Bomb :() :;: on Linux

Malware and bugs are to be expected when working on a system. If you are a Linux user then the most popular malware that user come across is Fork Bomb. Fork Bomb sabotages system resources by generating repetitive tasks that eventually lead to system crash. If you are a Linux or Unix OS user and don’t know about Fork Bomb or you are looking for a way out to avoid such virus attack, read this guide:

What is fork bomb?

In order to protect your Linux system from certain virus or malware attack, it is essential to know how this virus is generated and how it affects the system. Fork Bomb also known as Rabbit Virus is used by hackers to stop system working by creating infinite chain of tasks. These tasks start running in the background and keep being generated until all system resources are exhausted and the system hangs, in other words, it can be called a Denial of Service (DoS) attack.

Formation of the fork bomb

The formation of Fork Bomb is then mentioned below:

To understand Fork Bomb creation and how it works, consider the following syntax:

$ :() :;:
  • :() is used to declare a function and is represented by :function
  • is the body of the function that contains commands to crash the system
  • :|: starts the replication of the function, here first : the function is called and then | replicates the function:
  • & Moves the entire function to the background to avoid killing child processes
  • ; disconnects the child processes and terminates the statement
  • : Runs the created function

How to prevent and repair fork bombs

The possible solution to prevent Fork Bomb is to limit the number of processes one can run on a Linux system and see what limits the use of programs by default:

<strong>$ limit -ustrong>

Graphical user interface, text, application, chat or text message description generated automatically

Next, add the limit of programs using the following syntax:

$ limit -S -u <Border>

For example, if you want to limit the number of processes to 10000, use:

$ limit -S -u 10000

Graphical user interface, text, application description generated automatically

If you want to limit the number of processes for a specific user, open the configuration file with:

$ sudo nano /Etc/security/limit.conf

Next add the number of background programs for each user using the following syntax:

<username> hard nproc <Border>

For example if I want to add a limit of 500 for a specific user then:

aaliyan hard nproc 1000

Next, save the file and reboot the system to apply the changes:

This is how to protect Liunx system from Denial of Service (DoS) attack, in case your Linux system is attacked by Fork Bomb, just reboot it to get it back to normal state.


Fork Bomb is a denial of service (DOS) attack that creates a chain of repetitive tasks to consume all of the system’s resources, and keeps generating tasks until the system crashes. The best way to prevent such malware attacks is to limit the number of background processes as this will stop generation of repetitive tasks thus preventing system crash.

Related Posts