AutoIt is reportedly becoming a more popular programming language for malware authors. Could you explain why this...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is the case, and whether defending against AutoIt-based malware differs from any other type?
Ask the Expert
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
To clarify, AutoIt is a legitimate system administration tool for scripting and automating the Windows graphical user interface (GUI). This automation allows pop-up windows to be clicked on to close application notification boxes or approve changes being made to a system. These functions are often difficult to perform with other scripting tools or programming languages.
While malware using AutoIt script is just as effective as any other malware, it may be more difficult to make complex malware using solely AutoIt -- but it's not impossible. Given the ease of programming, budding malware authors often use it as an entry language to more complex and advanced methods.
Since the core AutoIt executable code is used for legitimate system administration tasks, detecting malicious activities or network traffic based solely on a signature in the files can be challenging.
Fortunately, similar to other modern malware, AutoIt-based attacks can be detected by antivirus software on client systems. For antivirus software using signatures, a signature for AutoIt-based malware could be developed, as well as a behavioral pattern that could be blocked.
However, if your organization uses Web applications to upload and share text online, such as Pastebin, detecting malware can be tricky, especially if there are legitimate reasons to download code from such applications. If you place alerts on AutoIt scripts being downloaded from Pastebin, you may be able to detect malicious activity on the network. Alternately, hosting legitimate AutoIt scripts on an internal system can help you avoid false positives.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks ...continue reading
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it ...continue reading
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.