Malware Creators Exploiting AutoIt
Trend Micro warns that malware developers are increasingly using AutoIt, an automation computer language for Windows programming that resembles BASIC, for the same reasons legitimate programmers do: it is free, user-friendly and flexible.
AutoIt has been available to users as freeware since 1999. The software saves time when run and is ordinarily used to automate trivial tasks such as disk defragmentation or making backups. It can also build graphical interfaces for end users.
Trend Micro's Threat Researcher Kyle Wilhoit states there's a rise in malicious code written with the AutoIt tool. The code includes Trojans that give remote control and keystroke loggers, and it is being uploaded to Pastie and Pastebin, the popular hangouts for hackers, Wilhoit explains. Threatpost.com reported this on May 6, 2013.
Essentially, authors of malicious software are largely modifying the code to produce a DarkComet variant, a remote-control Trojan currently circulating online that plants backdoors on host computers and exchanges messages via port 1604, the researcher states.
Besides sending messages, the variant also alters the local software firewall policies to make them ineffective, and it ensures it is launched at system reboot so that it stays resident permanently. Once executed, the variant plants specific files.
In short, the malware immediately deactivates the Windows Firewall on the PC and then disables access to the Windows registry, which prevents the alterations from being viewed or reversed (an attempt generates an error notice).
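The behaviours described above (traffic on port 1604, a disabled firewall, blocked registry access and a reboot autostart) are each weak signals alone, so a defender would normally correlate them per host. The following Python sketch is an added example, not code from Trend Micro or the original article; the event types, field names and sample telemetry are hypothetical and constructed for illustration.

```python
from collections import defaultdict

C2_PORT = 1604  # port the article says the variant exchanges messages over

# Each rule maps one behaviour named in the article to a predicate over an event.
# Event types and field names are hypothetical, not a real product's schema.
RULES = {
    "c2_port": lambda e: e.get("type") == "net_conn" and e.get("port") == C2_PORT,
    "firewall_off": lambda e: e.get("type") == "firewall_state" and e.get("enabled") is False,
    "registry_locked": lambda e: e.get("type") == "registry_tools" and e.get("disabled") is True,
    "reboot_persistence": lambda e: e.get("type") == "autostart_added",
}

def indicators_by_host(events):
    """Return {host: set of rule names that fired on that host}."""
    hits = defaultdict(set)
    for event in events:
        for name, rule in RULES.items():
            if rule(event):
                hits[event["host"]].add(name)
    return dict(hits)

def flag_hosts(events, min_indicators=3):
    """Hosts showing at least `min_indicators` distinct behaviours, sorted."""
    return sorted(host for host, found in indicators_by_host(events).items()
                  if len(found) >= min_indicators)

# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "net_conn", "port": 1604},
    {"host": "ws-01", "type": "firewall_state", "enabled": False},
    {"host": "ws-01", "type": "registry_tools", "disabled": True},
    {"host": "ws-01", "type": "autostart_added", "entry": "constructed-entry"},
    {"host": "ws-02", "type": "net_conn", "port": 443},
    {"host": "ws-02", "type": "firewall_state", "enabled": False},
    {"host": "ws-03", "type": "net_conn", "port": 8080},
    {"host": "ws-03", "type": "firewall_state", "enabled": True},
]

if __name__ == "__main__":
    for host in flag_hosts(SAMPLE_EVENTS):
        print(host, sorted(indicators_by_host(SAMPLE_EVENTS)[host]))
```

Requiring several distinct behaviours keeps a host with only a switched-off firewall (ws-02 in the sample) from being flagged.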
The fascinating aspect of the malware is not that it is a DarkComet variant but that it was created with AutoIt and mostly flies under the radar of anti-virus products. According to Trend Micro's researchers, the malware is identified as TROJ_FYNLOSKI.BU.
According to Wilhoit, the new DarkComet variant may simply usher in a fresh threat trend.
He says that as scripting languages of the AutoIt type become more and more popular, increasing numbers of malicious programs of the above kind may migrate to using them. The languages are simple to learn and use, and the ease of posting code to well-known drop sites gives ill-intentioned users immense scope to multiply their malicious wares, Wilhoit concludes. Blog.trendmicro.com published this on May 6, 2013.
» SPAMfighter News - 13-05-2013