Нет ответов в данной теме

[admin]

November 27, 2008

Doctor Web reports a significant increase of new viruses spreading on
removable data storage devices. Malicious programs created using the
AutoIt scripting language with their shrouded code are very hard to
analyze.

Automatic launch of the malicious code placed on a removable device
has become one of the main causes of infection in recent months. The
malicious code is classified by Dr.Web as Win32.HLLW.Autoruner.

The number of the new viruses grows along with the popularity of
AutoIt (a freeware automation language for Windows). The language is
very easy to learn and provides wide opportunities for virus makers.

The script code of such a virus can also include other malicious
binary files with all of them compressed using various packers. When
other malware is included in an AutoIt script it makes them very hard
to detect by anti-virus software.

Viruses infesting systems from removable devices has become an urgent
issue with many companies and governmental institutions restricting
usage of removable data storage devices by employees. So the US army
suspended use of USB disks and flash drives aiming to contain spread
of a worm in its networks. Many companies also adopt special software
that restricts usage of removable devices.

“Various executable packers and obfuscated code are typical techniques
employed by virus makers. Now they use features of the AutoIt
scripting language to which we provide a prompt response. For example
the beta-version of the Dr.Web anti-virus 5.0 currently in public
testing features recompilation of AutoI tmalware that allows analyzing
malicious scripts and unpacking executables included in AutoIt worms”,
Vladimir Martyanov, the virus analyst of Doctor Web remarked.

Doctor Web recommends all Windows users to disable the autorun of
removable data storage devices (USB Flash Drive, CD/DVD, removable
hard drives) and reduce the risk of infection. Besides, files placed
on a device should be checked using an anti-virus with the latest
virus definitions before you launch or open any of the files.


View the full article