Worm_onlineg.tty


 
07-24-2008

This worm may either be dropped or downloaded from remote sites by other malware.


Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file on the system. It also creates a new folder. It modifies the system registry so that it executes automatically at every system startup. Through a further registry modification, it also hides files that have both the System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


As part of its routine, this worm drops CRYP_XED-6 and TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.
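
A defensive check for the removable-drive propagation described above, as an added example that is not part of the original advisory: it parses an AUTORUN.INF and lists the entries that would launch a program when the drive is accessed. The file names in the sample are constructed placeholders, and the key list (open, shellexecute, shell\verb\command) is the standard [autorun] syntax, not something the advisory specifies.

```python
import os
import re

# [autorun] keys that make Windows start a program when the drive is opened.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample; the file names are placeholders, not from the advisory.
SAMPLE = r"""; constructed AUTORUN.INF
[AutoRun]
open=sample.exe
padding line with no equals sign
shell\open\Command=sample.exe -x
icon=folder.ico
[other]
open=ignored.exe
"""

def autorun_commands(text):
    """Return (key, command) pairs from [autorun] that launch a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and value.strip() and EXEC_KEY.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found

def scan_drive_roots(roots):
    """Map each AUTORUN.INF found in a drive root to its launch entries."""
    report = {}
    for root in roots:
        try:
            names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
        except OSError:
            continue  # drive not mounted or not readable
        for name in names:
            path = os.path.join(root, name)
            try:
                with open(path, encoding="latin-1") as fh:
                    cmds = autorun_commands(fh.read())
            except OSError:
                continue  # a directory or unreadable file named autorun.inf
            if cmds:
                report[path] = cmds
    return report
```

Junk lines and unrelated sections are skipped rather than treated as errors, so padded or malformed files still yield their launch entries.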
