[go: up one dir, main page]

About: Devnull

An Entity of Type: animal, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Devnull is the name of a computer worm for the Linux operating system that has been named after /dev/null, Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named k.gz from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host.

Property Value
dbo:abstract
  • Devnull is the name of a computer worm for the Linux operating system that has been named after /dev/null, Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named k.gz from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host. Then the worm checks for presence of the GCC compiler on the local system and, if found, creates a directory called .socket2. Next, it downloads a compressed file called devnull.tgz. After decompressing, two files are created: an ELF binary file called devnull and a source script file called sslx.c. The latter gets compiled into the ELF binary sslx. The executable will scan for vulnerable hosts and use the compiled program to exploit a known OpenSSL vulnerability. (en)
dbo:wikiPageExternalLink
dbo:wikiPageID
  • 305194 (xsd:integer)
dbo:wikiPageLength
  • 1490 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID
  • 1063789554 (xsd:integer)
dbo:wikiPageWikiLink
dbp:wikiPageUsesTemplate
dcterms:subject
gold:hypernym
rdf:type
rdfs:comment
  • Devnull is the name of a computer worm for the Linux operating system that has been named after /dev/null, Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named k.gz from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host. (en)
rdfs:label
  • Devnull (en)
owl:sameAs
prov:wasDerivedFrom
foaf:isPrimaryTopicOf
is dbo:wikiPageWikiLink of
is foaf:primaryTopic of
Powered by OpenLink Virtuoso    This material is Open Knowledge     W3C Semantic Web Technology     This material is Open Knowledge    Valid XHTML + RDFa
This content was extracted from Wikipedia and is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License