Worm_onlineg.tty


07-24-2008

This worm may either be dropped or downloaded from remote sites by other malware.


Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file in the system. It also creates a new folder. It modifies the system registry such that its automatic execution at every system startup is enabled. Also through system registry modification, it hides files with both System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


As part of its routine, this worm drops CRYP_XED-6 and TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.

revoke(2)							System Calls Manual							 revoke(2)

NAME
revoke - Voids all references to a file

SYNOPSIS
int revoke(char *path);

PARAMETERS
path
    Points to a null-terminated string containing the appropriate pathname.

DESCRIPTION
The call invalidates all file descriptors associated with the pathname specified in path, which must be a block or character special file. Any open file system object on the device on which the revoked file system object resides subsequently holds an invalid file descriptor, and will receive errors if it attempts to access the file with any read, write, ioctl, or select system call. The only call that will succeed under these conditions is close(). A subsequent call to open() will result in a valid file descriptor and thereby reenable access to the file.

The behavior of the revoke() system call depends on the setting of a sysconfigtab variable, revoke-tty-only. By default, the revoke-tty-only parameter is set on. In this case, the system call conforms to the behavior of earlier versions of the call, but only for tty devices. For all other devices, the call returns an error, ENOTTY. You can set off the revoke-tty-only parameter to make the system call conform to its behavior in earlier versions of Tru64 UNIX. The effective user ID of the process must be the same as the owner of the file, or must have superuser privilege in order to use the call in this manner.

RETURN VALUES
Upon successful completion, a value of 0 (zero) is returned. If the revoke() function fails, it returns a value of -1, and errno is set to indicate the error.

ERRORS
If the revoke() function fails, errno may be set to one of the following values:
    The file represented by the pathname is of the incorrect type.
    The size of the pathname exceeds PATH_MAX or a pathname component is longer than NAME_MAX.
    A component of the specified pathname does not exist, or the path parameter points to an empty string.
    A component of the path prefix is not a directory.
    The sysconfigtab variable revoke-tty-only is set on, but the device is not a tty.
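The following pre-flight check mirrors the preconditions the manual describes (block or character special file, the revoke-tty-only switch, owner or superuser) and is an added C example, not code from the manual. It does not call revoke() itself, since that system call is not available on every platform, and the errno values for the two error cases the manual leaves unnamed (EINVAL for the wrong file type, EPERM for the ownership rule) are assumptions; ENOTTY and the stat(2) errors follow the manual.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* revoke_preflight: return 0 if revoke(2) could proceed on path under the
 * documented rules, otherwise an errno value describing why it would fail.
 * tty_only mirrors the sysconfigtab variable revoke-tty-only (1 = on, the default). */
int revoke_preflight(const char *path, int tty_only)
{
    struct stat st;

    /* "path parameter points to an empty string" is documented as the
     * does-not-exist case, so treat NULL and "" the same way. */
    if (path == NULL || *path == '\0')
        return ENOENT;
    /* ENOENT, ENOTDIR and ENAMETOOLONG come straight from stat(2). */
    if (stat(path, &st) != 0)
        return errno;
    /* The target must be a block or character special file;
     * the errno constant for "incorrect type" is an assumption. */
    if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode))
        return EINVAL;
    /* With revoke-tty-only on, any device that is not a tty is rejected with ENOTTY. */
    if (tty_only) {
        int fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
        if (fd < 0)
            return errno;
        int is_tty = isatty(fd);
        close(fd);
        if (!is_tty)
            return ENOTTY;
    }
    /* Caller must own the file or be superuser; EPERM is an assumption. */
    if (st.st_uid != geteuid() && geteuid() != 0)
        return EPERM;
    return 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int rc = revoke_preflight(path, 1);
    printf("%s: %s\n", path, rc == 0 ? "revoke(2) preconditions satisfied" : strerror(rc));
    return rc == 0 ? 0 : 1;
}
```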