Login or Register to Ask a Question and Join Our Community


Malware Advisories (RSS)

Worm_autorun.vb

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Malware Advisories (RSS) Worm_autorun.vb
# 1  
Old 12-28-2007
Worm_autorun.vb
This worm may be installed manually by a user.
It drops copies of itself. It drops files/components. It injects threads into normal processes.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries.
It drops copies of itself in all physical drives. It drops copies of itself in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system. It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT V7

captest

CAPTEST:(8)						  System Administration Utilities					       CAPTEST:(8)

NAME

       captest - a program to demonstrate capabilities

SYNOPSIS

       captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]

DESCRIPTION

       captest	is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
       current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates  a  child  process  that
       attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.

       You  can  also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
       captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between  root's
       credentials  and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
       lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.

OPTIONS

       --drop-all
	      This drops all capabilities and clears the bounding set.

       --drop-caps
	      This drops just traditional capabilities.

       --id   This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.

       --text This option outputs the effective capabilities in text rather than numerically.

       --lock This prevents the ability for child processes to regain privileges if the uid is 0.

SEE ALSO

       filecap(8), capabilities(7)

AUTHOR

       Steve Grubb

Red Hat 							     June 2009							       CAPTEST:(8)