Worm_onlineg.tty


 
Posted: 07-24-2008

This worm may either be dropped or downloaded from remote sites by other malware.


Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file in the system. It also creates a new folder. It modifies the system registry such that its automatic execution at every system startup is enabled. Also through system registry modification, it hides files with both System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


As part of its routine, this worm drops CRYP_XED-6 and TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.
