Stealthy malware expands rootkit repertoire
Security researchers have discovered one of the most subtle and sophisticated examples of Windows rootkit software known to date. The AutoRun-NOX worm extends the standard VXer trick of using software vulnerabilities to infect systems, by including functionality that allows the worm to exploit Windows security bugs to hook into …
"For malware, it's rather unique to see such a technique being used."
It is not malware, it is Sticky Sweet Palware when IT Tempts One 42 Play Great Games.
See above.
(on a lighter note, a properly patched machine will be reasonably mitigation for this one)
"The worm uses a long-standing Windows vulnerability"
i'm guessing that it's the autorun 'feature' itself that's the vulnerability. Whoever thought that allowing things to run automatically, when inserting foreign media, was a good idea deserves to be publically flogged!
If the vulnerability has been patched for over a year, where's the beef?
Oh, and nice job not telling us which versions of Windows were vulnerable. Top notch reporting, that.
A few weeks ago at work. Was a pain to get rid of. Eventually just noted what was running at startup that wasn't signed, pulled the HD, deleted files with drive mounted on another machine (with autoruns disabled), then reinstalled & cleaned up the registry.
Strongly recommend using the Group Policy editor to disable autoruns on all drives.
Start>Run>gpedit.msc
...were legally obliged to send a physical copy of every critical fix to every registered user, they'd soon get the hang of checking for flaws...
Isn't GDI exploitation dead? Patched to death, and running in user level code only, neutering anything running in a limited user account. So much for root kits.
You sound like your colleague, beating dead horses and scaring us into hitting the update button multiple times per day.
Sign up, sign up for The Register's weekly IT security newsletter - click here
