https://wiki.sarg.dev/index.php?action=history&feed=atom&title=Devnull 2026-04-22T12:32:25Z Revision history for this page on the wiki MediaWiki 1.44.2 https://wiki.sarg.dev/index.php?title=Devnull&diff=196865&oldid=prev 2025-02-10T11:54:35Z

<p>Added short description</p> <p><b>New page</b></p><div>{{Short description|Linux computer worm}}<br /> {{for|the Unix null device|/dev/null}}<br /> {{No footnotes|date=March 2010}}<br /> &#039;&#039;&#039;Devnull&#039;&#039;&#039; is a [[computer worm]] for the [[Linux]] [[operating system]] that was named after {{mono|[[/dev/null]]}}, [[Unix]]&#039;s null device. This worm was found on 30 September 2002.<br /> <br /> This worm, once the host has been compromised, downloads and executes a [[shell script]] from a web server. This script downloads a [[gzip]]ped executable file named {{mono|k.gz}} from the same address, and then decompresses and runs the file.<br /> <br /> This downloaded file appears to be an [[IRC]] client. It connects to different channels and waits for commands to process on the infected host. <br /> <br /> Then the worm checks for presence of the [[GNU Compiler Collection|GCC]] compiler on the local system and, if found, creates a directory called {{mono|.socket2}}. Next, it downloads a compressed file called {{mono|devnull.tgz}}. After decompressing, two files are created: an [[Executable and Linkable Format|ELF]] binary file called {{mono|devnull}} and a source script file called {{mono|sslx.c}}. The latter gets compiled into the ELF binary {{mono|sslx}}.<br /> <br /> The executable will scan for vulnerable hosts and use the compiled program to exploit a known [[OpenSSL]] vulnerability.{{which|date= November 2020}}<br /> <br /> ==See also==<br /> *[[Linux malware]]<br /> <br /> == External links ==<br /> *[http://www.f-secure.com/v-descs/devnull.shtml F-Secure&#039;s Website: Linux/Devnull]<br /> <br /> [[Category:Computer worms]]<br /> [[Category:Linux malware]]<br /> <br /> {{malware-stub}}</div>

imported>InsertCoolNameHere78