Worm_hidden.b


 
03-06-2008

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview
This worm may be dropped or downloaded from remote sites by other malware. It may also arrive via file sharing through removable drives.
Upon execution, this worm drops several files. It then registers itself as a system service to ensure its automatic execution at every system startup. It also modifies registry entries to hide files with both System and Read-only attributes.
This worm drops a component file, also detected as WORM_HIDDEN.B, on removable drives that have a FAT or FAT32 partition. It also drops an AUTORUN.INF file to execute the dropped copy when an affected drive is accessed.
The dropped component file is used to find the worm on the infected drive, copy it to the Windows system folder and execute it. It needs this component file since the worm itself is encrypted on the drive and is not stored by conventional means.
It is saved in a random space on the drive which is tagged as corrupted. The said space is deemed unusable, thereby making the worm "invisible" and not easily detected. This worm is written without using a file name and is called upon by using the disk offset where it is stored.
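
A defender-side check for the hiding technique described above, as an added example that is not part of the original advisory: it walks a FAT32 image, finds clusters whose FAT entry carries the bad-cluster marker, and flags those that hold high-entropy data. It assumes "tagged as corrupted" means the FAT32 bad-cluster marker (0x0FFFFFF7); the function names, the entropy threshold and the sample image are constructed for illustration.

```python
import math
import struct
from collections import Counter

BAD_CLUSTER = 0x0FFFFFF7  # FAT32 bad-cluster marker (assumed to be the "corrupted" tag)

def entropy(data):
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def suspicious_bad_clusters(img, threshold=7.0):
    """Return (cluster, byte offset, entropy) for bad-marked clusters holding dense data."""
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", img, 11)  # BPB fields
    fat_size, = struct.unpack_from("<I", img, 36)  # sectors per FAT (FAT32 only)
    fat_off = reserved * bps
    data_off = (reserved + nfats * fat_size) * bps
    csize = bps * spc
    # Never read past the image or past the end of the first FAT.
    nclusters = min((len(img) - data_off) // csize, fat_size * bps // 4 - 2)
    hits = []
    for cl in range(2, nclusters + 2):  # clusters 0 and 1 are reserved
        entry, = struct.unpack_from("<I", img, fat_off + 4 * cl)
        if entry & 0x0FFFFFFF != BAD_CLUSTER:  # top 4 bits are reserved
            continue
        off = data_off + (cl - 2) * csize
        h = entropy(img[off:off + csize])
        if h >= threshold:  # a genuinely bad or unused cluster is rarely this dense
            hits.append((cl, off, round(h, 2)))
    return hits

def build_sample_image():
    """Constructed 8-cluster image: cluster 5 bad and dense, cluster 6 bad and empty."""
    img = bytearray(512 * 10)  # 1 reserved sector + 1 FAT sector + 8 data clusters
    struct.pack_into("<HBHB", img, 11, 512, 1, 1, 1)
    struct.pack_into("<I", img, 36, 1)
    for cl in (5, 6):
        struct.pack_into("<I", img, 512 + 4 * cl, BAD_CLUSTER)
    img[2560:3072] = bytes(range(256)) * 2  # cluster 5 data, entropy exactly 8.0
    return bytes(img)

if __name__ == "__main__":
    for cl, off, h in suspicious_bad_clusters(build_sample_image()):
        print(f"cluster {cl} at offset {off}: marked bad, entropy {h}")
```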

