PWS-Zbot Is a Trojan Threat Designed to Steal Data from Victim’s System


McAfee Labs Threat Advisory
PWS Zbot
June 6, 2014

Summary

PWS-Zbot is a trojan threat designed to steal data from a victim’s system. It is most widely known for stealing financial account information, for example online banking login details and account data. PWS-Zbot spreads mostly via email but can also use the autorun capabilities of removable media, or install via a drive-by infection when the user visits a compromised or malicious webpage. Once the infected binary file is installed on a machine, it connects to a command and control server, monitors internet activity and uploads stolen data.

PWS-Zbot - http://vil.nai.com/vil/content/v_143802.htm
PWS-Zbot.gen.ab - http://vil.nai.com/vil/content/v_249805.htm
PWS-Zbot.gen.cu - http://vil.nai.com/vil/content/v_365620.htm
W32/Zbot - http://vil.nai.com/vil/content/v_255218.htm
Zbot+Necurs variant - http://blogs.mcafee.com/mcafee-labs/necurs-zbot-droppers-use-obfuscated-windows-xp-detection-bypass-automated-analysis

Aliases:
• Zeus
• Trojan-Spy:W32/Zbot
• Trojan.Zbot
• Trojan-Spy.Win32.Zbot [Kaspersky]
• Win32/Zbot [Microsoft]

Detailed information about the trojan, its propagation, and mitigation is in the following sections:
• Infection and Propagation Vectors
• Characteristics and Symptoms
• HTML injection on SSL-secured banking transactions
• Botnet Command and Control
• Peer 2 Peer Command and Control
• Zbot as a file infector
• Intercepting mouse clicks and capturing virtual keyboard screenshots
• Zbot infecting Mobile devices

Infection and Propagation Vectors

An original infection may occur as a result of a download made by:
• Exploiting vulnerabilities such as the one in .lnk files (CVE-2010-2568)
• Using web attack toolkits as infection vector
• Social engineering
• Infecting Symbian mobile devices through harvested phone numbers
• Attachments in email spam

Mitigation

Users are requested to exercise caution while opening unsolicited email and unknown links. Users are advised to update Windows patches and virus definitions on a regular basis.

Characteristics and Symptoms

There are multiple variants of Zbot in the wild, and different variants exhibit different behavior. The following are some well-known characteristics of PWS-Zbot.

The trojan is capable of performing the following activities:
• Injects its code through CreateRemoteThread and/or WriteProcessMemory into Winlogon.exe, svchost.exe or Explorer.exe. Recent variants have also been observed injecting threads into other processes.
• Performs keylogging and takes screen snapshots
• Hooks certain API calls to intercept information coming in and out of the network, including calls in WININET.DLL, WS2_32.DLL and USER32.DLL
• Downloads a configuration file from a remote site
• Attempts to retrieve a newer version of itself remotely
• Posts stolen information to a remote site
• Targets sensitive information such as online banking transactions
• Opens a backdoor

Upon execution of the file, Zbot drops itself to:
• %SysDir% folder as sdra64.exe
• %SysDir% folder as [random hex number].exe
• %SysDir%\lowsec\local.ds – config file
• %SysDir%\lowsec\user.ds – log file
• %AppData%\[Random generated folder name]\[Randomly generated binary filename]
• %AppData%\[Random generated folder name]\[Randomly generated data filename]
• %AppData%\[random hex number].exe

It creates autostart registry entries as a restart mechanism:
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  o {RandomUID} = %AppData%\[Random Named Folder]\[Random FileName]
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
  o "Userinit" = "%System%\userinit.exe, %System%\sdra64.exe"
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  o {random hex number} = %AppData%\[random hex number].exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\explorer\run
  o adobe = %AppData%\[random hex number].exe

The following non-malicious file(s) are created:
• %User Profile%\Application Data\Microsoft\Address Book\{user name}.wab

The following registry entry is added:
• HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name
  o (Default) = "%User Profile%\Application Data\Microsoft\Address Book\{user name}.wab"

The following registry entries ensure that the Trojan disables firewall notifications:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
  o {port}:TCP = "{port}:TCP:Enabled:TCP {port}"
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
  o {port}:UDP = "{port}:UDP:Enabled:UDP {port}"

The following registry keys ensure that the Trojan creates a firewall rule to bypass the normal authentication:
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\Internet Account Manager
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\Internet Account Manager\Accounts
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\Internet Account Manager\Accounts\VeriSign
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\WAB
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\WAB\WAB4
• HKEY_USERS\S-1-5-[VARIES]\Software\Microsoft\WAB\WAB4\Wab File Name

The following registry key values are added to the system:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications: 0x00000000

Recent variants of this family have been observed creating two subfolders, an executable file and a data file with random names inside the %APPDATA% folder. The subfolder names begin with an uppercase letter.
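
An offline check for the autostart, firewall and dropped-file indicators listed above, added here as an example and not part of the McAfee advisory. It assumes the relevant keys were saved with `reg export` and are available as text; the sample export, file listing, indicator labels and function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not from a real host). The GUID,
# folder names, user name and port are made up; key paths follow the advisory.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{2B1F0A6C-11AA-22BB-33CC-44DD55EE66FF}"="C:\\Users\\alice\\AppData\\Roaming\\Ybxoq\\ivte.exe"
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"adobe"="C:\\Users\\alice\\AppData\\Roaming\\3fa9c1d2.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24680:TCP"="24680:TCP:Enabled:TCP 24680"
'''

# Constructed file listing, e.g. from a directory walk of the suspect host.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\sdra64.exe",
    r"C:\WINDOWS\system32\lowsec\local.ds",
    r"C:\WINDOWS\system32\notepad.exe",
]

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
APPDATA_RE = re.compile(r'\\(?:appdata\\roaming|application data)\\([^"]+?\.exe)', re.I)
HEX_EXE_RE = re.compile(r'^[0-9a-f]+\.exe$', re.I)
RANDOM_UID_RE = re.compile(r'^\{?[0-9a-f-]{8,}\}?$', re.I)
PORT_RE = re.compile(r'^(\d+):(TCP|UDP)$', re.I)

RUN = r"software\microsoft\windows\currentversion\run"
POLICY_RUN = r"software\microsoft\windows\currentversion\policies\explorer\run"
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
OPEN_PORTS = r"firewallpolicy\standardprofile\globallyopenports\list"
FILE_IOCS = ("\\sdra64.exe", "\\lowsec\\local.ds", "\\lowsec\\user.ds")


def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', lambda m: m.group(1), s)


def parse_reg(text):
    """Return {lowercased key path: {value name: string data}} from .reg text.
    Only REG_SZ values are kept; other types are not needed for these checks."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[unescape(m.group(1))] = unescape(m.group(2))
    return keys


def check_registry(keys):
    """Return (indicator, detail) pairs for the advisory's registry patterns."""
    findings = []
    for path, values in keys.items():
        for name, data in values.items():
            if path.endswith(WINLOGON) and name.lower() == "userinit":
                # Anything besides userinit.exe in this comma-separated list runs at logon.
                extra = [e.strip() for e in data.split(",")
                         if e.strip() and not e.strip().lower().endswith("\\userinit.exe")]
                if extra:
                    findings.append(("userinit-extra", ", ".join(extra)))
            elif path.endswith((RUN, POLICY_RUN)):
                m = APPDATA_RE.search(data)
                if not m:
                    continue
                parts = m.group(1).split("\\")
                if len(parts) == 1 and HEX_EXE_RE.match(parts[0]):
                    # %AppData%\[random hex number].exe
                    findings.append(("run-hex-exe-in-appdata", f"{name} -> {data}"))
                elif len(parts) == 2 and RANDOM_UID_RE.match(name):
                    # {RandomUID} = %AppData%\[folder]\[file]
                    findings.append(("run-random-uid", f"{name} -> {data}"))
            elif path.endswith(OPEN_PORTS):
                # {port}:TCP = "{port}:TCP:Enabled:TCP {port}" (same for UDP)
                m = PORT_RE.match(name)
                if m and data.lower() == f"{m[1]}:{m[2]}:enabled:{m[2]} {m[1]}".lower():
                    findings.append(("firewall-open-port", name))
    return findings


def check_files(paths):
    """Flag the fixed drop names from the advisory (sdra64.exe, lowsec\\*.ds)."""
    return [("dropped-file", p) for p in paths if p.lower().endswith(FILE_IOCS)]


def triage(reg_text, paths):
    return check_registry(parse_reg(reg_text)) + check_files(paths)


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_REG, SAMPLE_FILES):
        print(f"{indicator:24} {detail}")
```

The randomly named entries are matched by shape only, so a hit on the Run-key checks is a lead for review rather than a verdict; the Userinit and fixed-filename checks are the strongest signals.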

The malware first retrieves the addresses of APIs, checks if it is running under WOW64, obtains the volume GUID path, generates a CLSID from the GUID, which is further encrypted, and collects OS information. It then decrypts 0x32c bytes from the code section, which include the URL information from where to download the configuration file.

The malware can be executed with or without command line arguments (expected arguments are “f”, “i”, “n”, and “v”). It checks whether it has been executed with any command line argument; when “-i” is passed as an argument, it displays version information.

It then checks if the file is a dropper or a dropped file. If it is a dropper, it drops its copy and terminates. Otherwise, it decrypts the appended data, which contains the dropped file information, and checks whether the file was dropped on the victim machine or on some other system by comparing the CLSID generated from the Volume Path GUID, and whether it is being run from the appropriate location.

This also means that the dropped file will not execute on any other system, even when executed from the same folder location, because the CLSID generated from the Volume Path GUID would be different.

It then modifies its own code in memory and transfers control to the modified code. This modified code collects some system information such as the computer name, running operating system, installation date and DigitalProductId (generated using the Product Key and hardware information during installation) and formats them in %s_%08X%08X format as shown below:

[Computer name]_OSVersionInfo_InstallDate

It can easily evade hash-based detection because the appended data contains the dropped file location information (which is randomly generated) before it drops its copy. It also changes the Creation, Access and Modified times of the dropped executable and the data file, and executes the dropped executable file.

After dropping the executable file, the parent process is terminated and the file is deleted. The dropped file is responsible for injecting threads into remote processes.

Remote Thread:
• Injected code creates more malicious local threads if the process name matches any entry in the following list: dwm.exe, taskhost.exe, taskeng.exe, wscntfy.exe, ctfmon.exe, rdpclip.exe, explorer.exe
• Scans the logged-in user’s Cookies and “Cookies\Low” folders for files which match the “*@*.txt” pattern.
• Opens the cookie file for reading, searches for separators (NewLine and Carriage Return characters) and formats the data as “Path: %s”, “%s=%s”.
• Steals certificates and associated private keys, encrypts them and saves them in the data file. The certificates are later deleted from the store.
• Steals FTP client information:
  o FlashFXP: Retrieves data associated with the value "datafolder" from the “HKLM\SOFTWARE\FlashFXP\3” subkey. It also searches folders containing the “*flashfxp*” pattern in their name inside %APPDATA% and %PROGRAMFILES% for these three files: "sites.dat", "quick.dat", and "history.dat".
  o Total Commander: Retrieves data associated with the values "ftpininame" and "installdir" from the “HKCU\SOFTWARE\Ghisler\Total Commander” and "SOFTWARE\Ghisler" subkeys. It also searches folders containing any of the three strings “*totalcmd*”, “*total*commander*”, and “*ghisler*” in their name inside %SYSTEMROOT%, %APPDATA% and %PROGRAMFILES% for "wcx_ftp.ini".
  o WS_FTP: Retrieves data associated with the value "datadir" from the "SOFTWARE\ipswitch\ws_ftp" subkey. It also searches folders containing the string “*ipswitch*” in their name inside “COMMON_APPDATA”, %APPDATA% and %PROGRAMFILES% for "ws_ftp.ini".
  o FileZilla: Searches the %PROGRAMFILES% folder for “*.xml” files.
  o Far Manager FTP: Retrieves “hostname”, “username”,