The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security > Malware Advisories (RSS)
Worm_onling.c Worm_onling.c
Google UNIX.COM
Forums Portal Register Forum Rules FAQContribute Members List Arcade Search Today's Posts Mark Forums Read


Malware Advisories (RSS) Malware Security Advisories Via RSS

Reply
 
Submit Tools LinkBack Thread Tools Display Modes
  #1  
Old 07-10-2008
iBot's Avatar
RSS Robot Girl
  

Join Date: Sep 2000
Posts: 14,297
Worm_onling.c
This worm may be dropped by other malware. It may arrive via removable drives.

It creates a folder. It drops a copy of itself and component files. It also drops files which Trend Micro detects as CRYP_XED-6 and TSPY_ONLINEG.BWN. As a result, routines of the dropped files are also exhibited on the affected system.

It creates registry entries to enable its automatic execution at every system startup. It modifies registry entries to hide files with both System and Read-only attributes.

This worm drops copies of itself in all physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.



More...
Reply With Quote
Google The UNIX and Linux Forums
Forum Sponsor
Reply

« Troj_mdropper.zt | Bkdr_pcclien.bbb »
Thread Tools
Display Modes
Linear Mode Linear Mode




All times are GMT -7. The time now is 09:49 AM.

The UNIX and Linux Forums RSS Feeds - Contact Us - The UNIX and Linux Forums - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008. All Rights Reserved.Ad Management by RedTyger Visit The Complex Event Processing Blog

Content Relevant URLs by vBSEO 3.2.0