Worm_autorun.app


 
05-22-2008

This worm may be installed manually by a user. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It drops copies of itself. It injects threads into normal processes.
It creates registry entries to enable its automatic execution at every system startup.
It creates registry key(s)/entry(ies) as part of its installation routine.
It drops copies of itself in all physical drives. It drops copies of itself in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It accesses Web sites to download file(s). It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
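A defensive check for the AUTORUN.INF behaviour described above, as an added example that is not part of the original advisory: it lists the directives in an AUTORUN.INF that launch a program when the drive is accessed. The sample files and the name example_copy.exe are constructed, since the advisory names no file, and a hit is a triage signal only, because legitimate installer media use the same keys.

```python
import re

# Keys in the [autorun] section that cause a program to run when the
# drive is opened or one of its context-menu entries is chosen.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_exec_targets(text):
    """Return [(key, command)] for every auto-execute directive in [autorun].

    Tolerates junk lines, since dropped files are often padded with
    garbage between the real directives.
    """
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk, or a key outside [autorun]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            targets.append((key.lower(), value))
    return targets

def triage(text):
    """Classify one AUTORUN.INF: 'suspicious' if it launches any program."""
    hits = autorun_exec_targets(text)
    return ("suspicious" if hits else "benign", hits)

# Constructed samples (not taken from the advisory).
SAMPLE_DROPPED = """\
;xkq3jd9a junk padding
[AutoRun]
zzjunkline
Open = example_copy.exe
shell\\open\\Command=example_copy.exe
shell\\explore\\command = example_copy.exe -e
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
SAMPLE_LABEL_ONLY = "[autorun]\nlabel=Backup Disk\nicon=disk.ico\n"

if __name__ == "__main__":
    for name, sample in (("dropped", SAMPLE_DROPPED), ("label-only", SAMPLE_LABEL_ONLY)):
        print(name, triage(sample))
```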


CAPTEST:(8)                System Administration Utilities                CAPTEST:(8)

NAME
       captest - a program to demonstrate capabilities

SYNOPSIS
       captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]

DESCRIPTION
       captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. Then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.

       You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege escalation is possible. But do not leave this app setuid root after you are done testing so that an attacker cannot take advantage of it.

OPTIONS
       --drop-all
              This drops all capabilities and clears the bounding set.

       --drop-caps
              This drops just traditional capabilities.

       --id   This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.

       --text This option outputs the effective capabilities in text rather than numerically.

       --lock This prevents the ability for child processes to regain privileges if the uid is 0.

SEE ALSO
       filecap(8), capabilities(7)

AUTHOR
       Steve Grubb

Red Hat                              June 2009                              CAPTEST:(8)