Wabbit
What is Wabbit?
WabbitA self-replicating program that stays on a single host and exhausts its resources by spawning endless copies of itself, without spreading over the network.
A wabbit is an old class of malware that replicates locally rather than across the network like a worm. By continuously forking processes, creating files, or filling the disk, it consumes CPU, memory, or storage until the host becomes unusable. The classic example is a fork bomb, a tiny script that recursively spawns child processes until the operating system collapses. Wabbits are usually denial-of-service tools rather than data-theft malware, sometimes used as pranks or as part of a destructive payload. Defences include process and resource limits (ulimit, cgroups), kernel and OS hardening, least-privilege accounts, and EDR detection of abnormal process creation rates.
● Examples
- 01
A bash fork bomb ":(){ :|:& };:" that crashes a Linux shell session.
- 02
Programs that recursively create files until the filesystem fills up.
● Frequently asked questions
What is Wabbit?
A self-replicating program that stays on a single host and exhausts its resources by spawning endless copies of itself, without spreading over the network. It belongs to the Malware category of cybersecurity.
What does Wabbit mean?
A self-replicating program that stays on a single host and exhausts its resources by spawning endless copies of itself, without spreading over the network.
How do you defend against Wabbit?
Defences for Wabbit typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Wabbit?
Common alternative names include: Rabbit virus.