About: Devnull

An Entity of Type: animal, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Devnull is the name of a computer worm for the Linux operating system that has been named after /dev/null, Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named k.gz from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host.

Property	Value
dbo:abstract	Devnull is the name of a computer worm for the Linux operating system that has been named after /dev/null, Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named k.gz from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host. Then the worm checks for presence of the GCC compiler on the local system and, if found, creates a directory called .socket2. Next, it downloads a compressed file called devnull.tgz. After decompressing, two files are created: an ELF binary file called devnull and a source script file called sslx.c. The latter gets compiled into the ELF binary sslx. The executable will scan for vulnerable hosts and use the compiled program to exploit a known OpenSSL vulnerability. (en)
dbo:wikiPageExternalLink	http://www.f-secure.com/v-descs/devnull.shtml
dbo:wikiPageID	305194 (xsd:integer)
dbo:wikiPageLength	1490 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1063789554 (xsd:integer)
dbo:wikiPageWikiLink	dbr:Unix dbr:dev/null dbr:GNU_Compiler_Collection dbr:Linux dbr:Computer_worm dbc:Computer_worms dbr:Linux_malware dbr:Executable_and_Linkable_Format dbr:Gzip dbr:Shell_script dbc:Linux_malware dbr:IRC dbr:OpenSSL dbr:Operating_system
dbp:wikiPageUsesTemplate	dbt:For dbt:Mono dbt:No_footnotes dbt:Which dbt:Malware-stub
dcterms:subject	dbc:Computer_worms dbc:Linux_malware
gold:hypernym	dbr:Worm
rdf:type	dbo:Animal yago:WikicatComputerWorms yago:Animal100015388 yago:Invertebrate101905661 yago:LivingThing100004258 yago:Object100002684 yago:Organism100004475 yago:PhysicalEntity100001930 yago:Worm101922303 yago:Whole100003553
rdfs:comment	Devnull is the name of a computer worm for the Linux operating system that has been named after /dev/null, Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named k.gz from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host. (en)
rdfs:label	Devnull (en)
owl:sameAs	freebase:Devnull yago-res:Devnull wikidata:Devnull https://global.dbpedia.org/id/4igSC
prov:wasDerivedFrom	wikipedia-en:Devnull?oldid=1063789554&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Devnull
is dbo:wikiPageWikiLink of	dbr:Linux_malware
is foaf:primaryTopic of	wikipedia-en:Devnull