Security Protection – Harry Waldron MVP Rotating Header Image

AutoRun Worm – New version highly advanced and polymorphic

McAfee labs shares an update on developments for the latest Autorun worm which is very difficult to detect and uses highly advanced techniques to infect vulnerable computers

http://blogs.mcafee.com/mcafee-labs/polymorphic-autorun-worm-evolves-and-obfuscates

QUOTE: The W32/Autorun.worm.aaeh family usually gets on a victim’s machine through email spam, Blacole drive-by downloads, or downloads by BackDoor-FJW. From a behavioral perspective, it looks like any other thumb-drive infecting worm. It adds an autorun.inf file on all removable drives and network shares, has an icon resembling a folder icon to trick people into double-clicking it, and infects ZIP and RAR archives. What separates this worm from the rest, however, is the level of obfuscation and polymorphism that it employs.

The worm can download other prevalent families, such as ZBot, and it’s clear that the payload families use the worm’s spreading mechanism as a propagation vector.  This family hasn’t shown signs of fading away (more than a million files on VirusTotal belong to this family), but with a few simple steps, you can avoid getting infected by this annoying worm.

* Don’t click links in spam emails that promise free stuff or suggest new ways to make a quick buck.

* Don’t execute software that arrives via spam.

* Disable the AutoRun feature on Windows

* Refrain from opening files from unknown sources

* Don’t open any executable file with a shady application name

* Check source by hovering your mouse near a link

* Don’t open any executable file that looks like a folder icon with blurred edges

* Read our Threat Advisory for more information

Comments are closed.