AutoIt is reportedly becoming a more popular programming language for malware authors. Could you explain why this...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is the case, and whether defending against AutoIt-based malware differs from any other type?
Ask the Expert
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
To clarify, AutoIt is a legitimate system administration tool for scripting and automating the Windows graphical user interface (GUI). This automation allows pop-up windows to be clicked on to close application notification boxes or approve changes being made to a system. These functions are often difficult to perform with other scripting tools or programming languages.
While malware using AutoIt script is just as effective as any other malware, it may be more difficult to make complex malware using solely AutoIt -- but it's not impossible. Given the ease of programming, budding malware authors often use it as an entry language to more complex and advanced methods.
Since the core AutoIt executable code is used for legitimate system administration tasks, detecting malicious activities or network traffic based solely on a signature in the files can be challenging.
Fortunately, similar to other modern malware, AutoIt-based attacks can be detected by antivirus software on client systems. For antivirus software using signatures, a signature for AutoIt-based malware could be developed, as well as a behavioral pattern that could be blocked.
However, if your organization uses Web applications to upload and share text online, such as Pastebin, detecting malware can be tricky, especially if there are legitimate reasons to download code from such applications. If you place alerts on AutoIt scripts being downloaded from Pastebin, you may be able to detect malicious activity on the network. Alternately, hosting legitimate AutoIt scripts on an internal system can help you avoid false positives.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how ...continue reading
The SQL Slammer worm has re-emerged to attack a vulnerability in Microsoft SQL Server 2000. Expert Nick Lewis explains what enterprises can do to ...continue reading
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.