AutoIt is reportedly becoming a more popular programming language for malware authors. Could you explain why this...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
is the case, and whether defending against AutoIt-based malware differs from any other type?
Ask the Expert
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
To clarify, AutoIt is a legitimate system administration tool for scripting and automating the Windows graphical user interface (GUI). This automation allows pop-up windows to be clicked on to close application notification boxes or approve changes being made to a system. These functions are often difficult to perform with other scripting tools or programming languages.
While malware using AutoIt script is just as effective as any other malware, it may be more difficult to make complex malware using solely AutoIt -- but it's not impossible. Given the ease of programming, budding malware authors often use it as an entry language to more complex and advanced methods.
Since the core AutoIt executable code is used for legitimate system administration tasks, detecting malicious activities or network traffic based solely on a signature in the files can be challenging.
Fortunately, similar to other modern malware, AutoIt-based attacks can be detected by antivirus software on client systems. For antivirus software using signatures, a signature for AutoIt-based malware could be developed, as well as a behavioral pattern that could be blocked.
However, if your organization uses Web applications to upload and share text online, such as Pastebin, detecting malware can be tricky, especially if there are legitimate reasons to download code from such applications. If you place alerts on AutoIt scripts being downloaded from Pastebin, you may be able to detect malicious activity on the network. Alternately, hosting legitimate AutoIt scripts on an internal system can help you avoid false positives.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.