Worm_onlineg.tty


 
Posted 07-24-2008

This worm may either be dropped or downloaded from remote sites by other malware.


Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file in the system. It also creates a new folder. It modifies the system registry such that its automatic execution at every system startup is enabled. Also through system registry modification, it hides files with both System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


As part of its routine, this worm drops CRYP_XED-6 and TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.

llogin(1)                General Commands Manual                llogin(1)

NAME
       llogin - Connects to a LAT service

SYNOPSIS
       /usr/sbin/llogin -d | service [-p tty] [-H rem_node] [-R rem_port] [-wpassword | -W]

OPTIONS
       -d     Displays a list of learned services including the node name and rating.

       -p tty Specifies a local LAT tty device (tty) to use to connect to service. Either SVR4 or BSD tty devices can be specified. However, the tty device must already exist and be available for use. If no tty device is specified, llogin uses any available SVR4 tty device. If no available devices are found, llogin creates an SVR4 LAT tty device for the user. When llogin exits, the created tty device is removed.

       -H rem_node
              Specifies a remote host (rem_node) that offers service. This is helpful when more than one host offers a service.

       -R rem_port
              Specifies a remote port (rem_port) that offers service.

       -wpassword | -W
              Specifies a password for connecting to service when the remote service has password checking enabled. The password is not case sensitive and spaces are not allowed. If you use the -w option, you specify the password on the command line; it is visible. If you use the -W option, you are prompted for the password; it is not echoed (visible).

DESCRIPTION
       The llogin command enables Tru64 UNIX users to connect to LAT services offered by other nodes in the local area network (LAN). You do not need superuser privileges or node information in order to connect to LAT services. If you do not know what services are known to your local node, use the llogin -d command. If you want to perform simultaneous llogin connections, use the llogin -p command. To make the llogin connection establishment quicker, add the target hostname as a remote service by using the latcp command.

EXAMPLES
       The following command initiates a connection to service siteapp on any node and port through any local LAT tty device:

              llogin siteapp

       The following command initiates a connection to service siteapp on any node and port through local LAT tty device 620:

              llogin siteapp -p 620

       The following command initiates a connection to service siteapp on any remote port on host HOSTX through local LAT tty device 620:

              llogin siteapp -p 620 -H HOSTX

       The following command initiates a connection to service siteapp on remote port TTY_Z on host HOSTX through local LAT tty device 620:

              llogin siteapp -p 620 -H HOSTX -R TTY_Z

SEE ALSO
       Commands: latcp(8)

       Network Information: lat_intro(7)