Worm_autorun.bcq

05-06-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Worm_autorun.bcq

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be downloaded from certain remote sites. It may be installed manually by a user.
It creates folders.It drops files/components.
It creates registry entries to enable its automatic execution at every system startup. It modifies registry entries to hide files with both System and Read-only attributes. It creates registry key(s)/entry(ies) as part of its installation routine.
It drops copies of itself in all physical drives and in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

AUTORUN(1) AUTORUN(1) NAME
autorun - automatically mounts/unmounts CDROMs and executes /path_to_cdrom/autorun after mounting SYNOPSIS
autorun [-lmqv?V] [-a EXEC] [-c CDPLAYER] [-e STRING] [-i MILLISEC] [-n STRING] [-t STRING] [--autorun=EXEC] [--cdplayer=CDPLAYER] [--interval=MILLISEC] [--lock] [--mountonly] [--notify=STRING] [--notify-insert=STRING] [--notify-eject=STRING] [--quiet] [--verbose] [--help] [--usage] [--version] [cdromdevices...] DESCRIPTION
autorun automagically recognises all available CDROMs in your system, mounts them upon insertion and executes a possible 'autorun' exe- cutable on the CD. To allow an ordinary user to do this you have to add the options user,exec in /etc/fstab to the CDROMs you want to use. You may also use Autorun.desktop for KDE. Just place it in your Autostart folder. Command strings are parsed and %P% is replaced by the mountpoint path. %D% is replaced by the device path. After that the command string will be executed using /bin/sh -c "command string"; OPTIONS
-a, --autorun=EXEC Execute EXEC, if the CD changes. This executable must be located on the CD. I.e. if you specify "--autorun=myprogram", and your CD is mounted under /mnt/cdrom, after the CD is changed, autorun will attempt to run "/mnt/cdrom/myprogram". (default "/autorun") -c, --cdplayer=CDPLAYER Run CDPLAYER, if an audio CD is inserted (default "/usr/bin/kscd") -i, --interval=MILLISEC The time to wait in MILLISEC between checks (default 1000) -l, --lock Lock the mounted media (unmount by hand) -m, --mountonly mount/unmount only (do not execute anything) -n, --notify=STRING Command STRING that will executed if the CD changes (default "/usr/bin/kfmclient configureDesktop") -t, --notify-insert=STRING Command STRING that will executed if a CD was inserted and the autorun executable "/autorun" or the one specified with --autorun was NOT executed. (default "/usr/bin/kfmclient openURL %P%") -e, --notify-eject=STRING Command STRING that will executed if a CD was ejected (default "") -q, --quiet Don't produce any output -v, --verbose Produce verbose output -?, --help Give this help list --usage Give a short usage message -V, --version Print program version Mandatory or optional arguments to long options are also mandatory or optional for any corresponding short options. AUTHOR
Harald Hoyer <Harald.Hoyer@redhat.de> There is a project web page at parzelle.de: http://parzelle.de/. AUTORUN(1)

Malware Advisories (RSS)

Worm_autorun.bcq

LEARN ABOUT REDHAT

autorun