Illustration of "Infect software with a shared library"

Nowadays, most widely used software relies on shared libraries (.so, .dll). They are very useful: several processes can share the same compiled code without recompiling, and they offer an interface for changing the code at runtime...

What if you write the code of the worm in a .so, write an entry point compatible with a given interface (openssl, pcre, zlib, whatever), and then start the malicious code?

If you can do this, you can run arbitrary code. Experiment and code to come.
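
From the defender's side, a library that mimics a known interface still has to be mapped into the process, so it shows up in `/proc/<pid>/maps`. The following is an added example, not code from the original post: it flags executable `.so` mappings loaded from outside trusted directories or whose backing file was deleted after load. The trusted directory list and the sample maps text are assumptions constructed for illustration.

```python
import re

# Directories treated as trusted library locations (assumption; adjust per host).
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Matches a shared object path such as libz.so or libz.so.1.2.13
SO_RE = re.compile(r"\.so(\.\d+)*$")

# Constructed sample in /proc/<pid>/maps format (not captured from a real host).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 1311 /usr/bin/curl
7f1a2c000000-7f1a2c1b0000 r-xp 00000000 08:01 2214 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f1a2c400000-7f1a2c41a000 r-xp 00000000 08:01 2290 /usr/lib/x86_64-linux-gnu/libz.so.1.2.13
7f1a2c600000-7f1a2c605000 r-xp 00000000 08:01 9931 /tmp/.cache/libz.so.1
7f1a2c800000-7f1a2c803000 r-xp 00000000 08:01 9940 /home/app/libpcre.so.3 (deleted)
7f1a2ca00000-7f1a2ca21000 rw-p 00000000 00:00 0 [heap]
"""

def suspicious_libraries(maps_text, trusted_dirs=TRUSTED_DIRS):
    """Return sorted (path, reason) pairs for executable .so mappings worth review."""
    findings = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5].strip()
        if "x" not in perms or not path.startswith("/"):
            continue  # only executable, file-backed mappings matter here
        deleted = path.endswith(" (deleted)")
        if deleted:
            path = path[: -len(" (deleted)")]
        if not SO_RE.search(path):
            continue  # main binary or other non-library file
        if deleted:
            findings.add((path, "file deleted after load"))
        if not path.startswith(trusted_dirs):
            findings.add((path, "outside trusted library directories"))
    return sorted(findings)

if __name__ == "__main__":
    for path, reason in suspicious_libraries(SAMPLE_MAPS):
        print(f"{path}: {reason}")
```

On a live host, pass the contents of `/proc/<pid>/maps` for the process under review instead of the sample text.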