HOME

TheInfoList



Click Here for Items Related To - Devnull
OR:
Devnull on:   [Wikipedia]   [Google]   [Amazon]

Devnull is the name of a
computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It wil ...
for the
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
that has been named after ,
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a
shell script A shell script is a computer program designed to be run by a Unix shell, a command-line interpreter. The various dialects of shell scripts are considered to be scripting languages. Typical operations performed by shell scripts include file manip ...
from a web server. This script downloads a
gzip gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and in ...
ped executable file named from the same address, and then decompresses and runs the file. This downloaded file appears to be an
IRC Internet Relay Chat (IRC) is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called '' channels'', but also allows one-on-one communication via private messages as well as chat an ...
client. It connects to different channels and waits for commands to process on the infected host. Then the worm checks for presence of the GCC compiler on the local system and, if found, creates a directory called . Next, it downloads a compressed file called . After decompressing, two files are created: an
ELF An elf () is a type of humanoid supernatural being in Germanic mythology and folklore. Elves appear especially in North Germanic mythology. They are subsequently mentioned in Snorri Sturluson's Icelandic Prose Edda. He distinguishes "ligh ...
binary file called and a source script file called . The latter gets compiled into the ELF binary . The executable will scan for vulnerable hosts and use the compiled program to exploit a known
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...
vulnerability.


See also

*
Linux malware Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but ...


External links


F-Secure's Website: Linux/Devnull
Computer worms Linux malware {{malware-stub