Devnull
Template:Short description Template:For Template:No footnotes Devnull is a computer worm for the Linux operating system that was named after Template:Mono, Unix's null device. This worm was found on 30 September 2002.
This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named Template:Mono from the same address, and then decompresses and runs the file.
This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host.
Then the worm checks for presence of the GCC compiler on the local system and, if found, creates a directory called Template:Mono. Next, it downloads a compressed file called Template:Mono. After decompressing, two files are created: an ELF binary file called Template:Mono and a source script file called Template:Mono. The latter gets compiled into the ELF binary Template:Mono.
The executable will scan for vulnerable hosts and use the compiled program to exploit a known OpenSSL vulnerability.Template:Which