Worm_onlineg.tty


 
07-24-2008

This worm may either be dropped or downloaded from remote sites by other malware.


Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file in the system. It also creates a new folder. It modifies the system registry such that its automatic execution at every system startup is enabled. Also through system registry modification, it hides files with both System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


As part of its routine, this worm drops CRYP_XED-6 and TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.
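The AUTORUN.INF propagation described above can be audited by parsing the file found at a drive root and listing the programs it would launch. This is an added example, not part of the original advisory; the sample file contents and file names are constructed, and the list of executable extensions is an assumption.

```python
import ntpath
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Assumed set of file types worth flagging as launch targets.
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".dll"}

def launch_entries(text):
    """Return (key, command) pairs from [autorun], tolerating junk lines."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment (often used as padding)
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEYS.match(key.strip()):
                entries.append((key.strip().lower(), value.strip()))
    return entries

def suspicious_targets(text):
    """Return (key, program) for launch entries that run an executable type."""
    hits = []
    for key, command in launch_entries(text):
        m = re.match(r'"([^"]+)"|(\S+)', command)  # quoted or bare program path
        if m:
            target = m.group(1) or m.group(2)
            if ntpath.splitext(target)[1].lower() in EXECUTABLE_EXT:
                hits.append((key, target))
    return hits

# Constructed sample: junk padding around launch entries, mixed-case keys.
SAMPLE = r"""
;kd92jdksla junk padding
[AutoRun]
open=sample_copy.exe
kj3lsd9flkjsdf
shell\open\Command=sample_copy.exe
shell\explore\command="folder\sample copy.exe" /x
icon=drive.ico
"""
BENIGN = "[autorun]\nicon=disc.ico\nlabel=Install Disc\n"

if __name__ == "__main__":
    for key, target in suspicious_targets(SAMPLE):
        print(f"{key} -> {target}")
```

A hit is a prompt for review rather than a verdict, since legitimate installation media also use these keys.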
