Archive for July, 2006

W32.Hoots

Friday, July 28th, 2006


When W32.Hoots is executed, it performs the following actions:

  1. Creates the following files:

    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\O rly.exe
    • C:\o.rly
    • C:\check.exe
    • C:\not rly.bat
  2. Attempts to print the following picture of an owl on a series of hard-coded network printer names:

    [image: the "O RLY?" owl picture]

  3. Attempts to spread by copying itself to the following network shares:
    • \\[SHARE NAME][RANDOM NUMBER]\C$\o.rly
    • \\[SHARE NAME][RANDOM NUMBER]\C$\check.exe
    • \\[SHARE NAME][RANDOM NUMBER]\C$\not rly.bat
    • \\[SHARE NAME][RANDOM NUMBER]\C$\Documents and Settings\All Users\Start Menu\Programs\Startup\o rly.exe

      where [SHARE NAME] is one of the following strings:

    • hs219S
    • Hslca
    • Hslcb
    • Hslcc
    • Hslcd
    • IHSD

      The threat attempts to use the following user name and password when accessing network shares:

      User name: Administrator

      Password: p3pp3r

  4. Stops spreading if the date is later than May 10th.
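The file paths and share names listed above are the indicators a responder would sweep for. The following Python helper is an added example, not part of the original post or of any vendor tooling: it matches a list of observed paths (for instance from a host file inventory or a file-server audit log) against the local drop locations and against the `\\[SHARE NAME][RANDOM NUMBER]\C$\...` pattern, treating the share prefixes as case-insensitive and requiring the trailing digits the writeup describes. The sample path list is constructed for the example.

```python
import re

# Dropped-file indicators from the writeup. Matching is case-insensitive
# because Windows paths are.
HOOTS_LOCAL_FILES = (
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\O rly.exe",
    r"C:\o.rly",
    r"C:\check.exe",
    r"C:\not rly.bat",
)

# Share-name prefixes from the writeup; the worm appends a random number.
HOOTS_SHARE_PREFIXES = ("hs219S", "Hslca", "Hslcb", "Hslcc", "Hslcd", "IHSD")

# UNC pattern: \\<prefix><digits>\C$\<one of the four dropped files>
HOOTS_REMOTE_PATTERN = re.compile(
    r"^\\\\(?:" + "|".join(re.escape(p) for p in HOOTS_SHARE_PREFIXES) + r")\d+"
    + r"\\C\$\\(?:o\.rly|check\.exe|not rly\.bat|"
    + r"Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\o rly\.exe)$",
    re.IGNORECASE,
)


def match_local_indicators(paths):
    """Return the observed paths that equal one of the local drop locations."""
    wanted = {p.lower() for p in HOOTS_LOCAL_FILES}
    return [p for p in paths if p.lower() in wanted]


def match_remote_indicators(paths):
    """Return the observed UNC paths that fit the worm's share-copy pattern.

    A share name without trailing digits does not match, since the writeup
    says the prefix is always followed by a random number.
    """
    return [p for p in paths if HOOTS_REMOTE_PATTERN.match(p)]


def scan(paths):
    """Run both checks and return a dict of hits, empty values meaning clean."""
    return {
        "local": match_local_indicators(paths),
        "remote": match_remote_indicators(paths),
    }


if __name__ == "__main__":
    # Constructed sample inventory mixing benign paths with indicator hits.
    sample = [
        r"C:\check.exe",
        r"C:\Windows\notepad.exe",
        r"C:\NOT RLY.BAT",
        r"\\Hslca42\C$\o.rly",
        r"\\Hslca\C$\o.rly",
        r"\\IHSD7\C$\Documents and Settings\All Users\Start Menu\Programs\Startup\o rly.exe",
    ]
    for kind, hits in scan(sample).items():
        for hit in hits:
            print(f"[{kind}] W32.Hoots indicator: {hit}")
```

Feed it the paths from a host's file listing or a file-server access log; anything it returns warrants pulling the host for cleanup, and a remote hit on `C$` also means the `Administrator` account on that share accepted the worm's credentials.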


Blogged with Flock

Classic

Tuesday, July 11th, 2006

The Linux Kernel Driver Interface
This is being written to try to explain why Linux does not have a binary kernel interface, nor does it have a stable kernel interface. Please realize that this article describes the _in kernel_ interfaces, not the kernel to userspace interfaces. The kernel to userspace interface is the one that application programs use, the syscall interface. That interface is _very_ stable over time, and will not break. I have old programs that were built on a pre 0.9something kernel that still work just fine on the latest 2.6 kernel release. This interface is the one that users and application programmers can count on being stable.

linux kernel monkey log

No. That's Lazy.
