Worm_onlineg.tty


 
07-24-2008

This worm may either be dropped or downloaded from remote sites by other malware.


Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file in the system. It also creates a new folder. It modifies the system registry so that it runs automatically at every system startup. Also through system registry modification, it hides files with both System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


As part of its routine, this worm drops CRYP_XED-6 and TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.
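
A defender's triage check for the AUTORUN.INF behaviour described above, as an added example that is not part of the original advisory: it parses an autorun.inf and lists the entries that would launch a program when the drive is accessed. The sample contents and file names are constructed placeholders, not values from the advisory.

```python
import os
import re

# [autorun] keys that make Windows launch a program from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def exec_targets(text):
    """Sorted (key, command) pairs that would start a program."""
    return sorted((k, v) for k, v in parse_autorun(text).items()
                  if v and (k in EXEC_KEYS or SHELL_VERB.match(k)))

def scan_root(root):
    """Check one drive root; the file name is matched case-insensitively."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), encoding="latin-1") as fh:
                return exec_targets(fh.read())
    return []

# Constructed samples (file names are placeholders, not taken from the advisory).
SAMPLE_SUSPECT = (";filler\n[AutoRun]\nOPEN=dropped_copy.exe\n"
                  "shell\\open\\Command=dropped_copy.exe\n"
                  "[other]\nopen=ignored.exe\n")
SAMPLE_BENIGN = "[autorun]\nicon=setup.ico\nlabel=Install Disc\n"

if __name__ == "__main__":
    for key, cmd in exec_targets(SAMPLE_SUSPECT):
        print(f"autorun.inf would launch: {key} -> {cmd}")
```

Call `scan_root()` on each mounted drive root; an empty list means no autorun.inf was found or it contains no entries that launch a program.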
