back to article Stealthy malware expands rootkit repertoire

Security researchers have discovered one of the most subtle and sophisticated examples of Windows rootkit software known to date. The AutoRun-NOX worm extends the standard VXer trick of using software vulnerabilities to infect systems, by including functionality that allows the worm to exploit Windows security bugs to hook …


This topic is closed for new posts.
  1. amanfromMars Silver badge

    Nymphs and Satyrs ....AIdDictive Compulsive Orders

    "For malware, it's rather unique to see such a technique being used."

    It is not malware, it is Sticky Sweet Palware when IT Tempts One 42 Play Great Games.

  2. Anonymous Coward
    Paris Hilton

    ..and that gibberish comment helps how, precisely?

    See above.

    (on a lighter note, a properly patched machine will be reasonably mitigation for this one)

  3. Anonymous Coward
    Anonymous Coward

    from the name

    "The worm uses a long-standing Windows vulnerability"

    i'm guessing that it's the autorun 'feature' itself that's the vulnerability. Whoever thought that allowing things to run automatically, when inserting foreign media, was a good idea deserves to be publically flogged!

  4. Wolf
    Thumb Down

    So this is stale beer?

    If the vulnerability has been patched for over a year, where's the beef?

    Oh, and nice job not telling us which versions of Windows were vulnerable. Top notch reporting, that.

  5. Anonymous Coward

    Swear I saw something similar to this...

    A few weeks ago at work. Was a pain to get rid of. Eventually just noted what was running at startup that wasn't signed, pulled the HD, deleted files with drive mounted on another machine (with autoruns disabled), then reinstalled & cleaned up the registry.

    Strongly recommend using the Group Policy editor to disable autoruns on all drives.


  6. Colin Wilson

    if Microsoft...

    ...were legally obliged to send a physical copy of every critical fix to every registered user, they'd soon get the hang of checking for flaws...

  7. Gordon Fecyk

    Are you subbing for Dan Goodin or something?

    Isn't GDI exploitation dead? Patched to death, and running in user level code only, neutering anything running in a limited user account. So much for root kits.

    You sound like your colleague, beating dead horses and scaring us into hitting the update button multiple times per day.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022