AutoIt is reportedly becoming a more popular programming language for malware authors. Could you explain why this...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is the case, and whether defending against AutoIt-based malware differs from any other type?
Ask the Expert
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
To clarify, AutoIt is a legitimate system administration tool for scripting and automating the Windows graphical user interface (GUI). This automation allows pop-up windows to be clicked on to close application notification boxes or approve changes being made to a system. These functions are often difficult to perform with other scripting tools or programming languages.
While malware using AutoIt script is just as effective as any other malware, it may be more difficult to make complex malware using solely AutoIt -- but it's not impossible. Given the ease of programming, budding malware authors often use it as an entry language to more complex and advanced methods.
Since the core AutoIt executable code is used for legitimate system administration tasks, detecting malicious activities or network traffic based solely on a signature in the files can be challenging.
Fortunately, similar to other modern malware, AutoIt-based attacks can be detected by antivirus software on client systems. For antivirus software using signatures, a signature for AutoIt-based malware could be developed, as well as a behavioral pattern that could be blocked.
However, if your organization uses Web applications to upload and share text online, such as Pastebin, detecting malware can be tricky, especially if there are legitimate reasons to download code from such applications. If you place alerts on AutoIt scripts being downloaded from Pastebin, you may be able to detect malicious activity on the network. Alternately, hosting legitimate AutoIt scripts on an internal system can help you avoid false positives.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is ...continue reading
Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being ...continue reading
QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.