Cisco's RAT-catchers spot sysadmin-targeted phish

File this under “it was bound to happen one day”: Cisco has spotted a targeted phishing attack based on a popular sysadmin automation tool. If someone in the “IT crowd” bunker falls for the phishing attack, Cisco's Talos Group says the payload exploits AutoIT, a scripting admin environment for Windows. Talos explains what's …

  1. Pascal Monett Silver badge

    The script “contained the actual functionality

    Hopefully that means that analysts will now be able to incorporate this valuable information and make all applications more secure.

  2. Joey M0usepad Silver badge

    auto-it is hardly the subtlest method of automation!

  3. Down not across Silver badge

    Macros - spawn of evil

    Documents should not have macros. If you need anything fancy then it should be like MailMerge for WordStar with placeholders and executed separately.

    If there weren't macros and embedded crap in documents (Word, PDF, etc) we'd have a considerably smaller attack surface.

  4. Old Handle

    It seems to me it would be simpler to report this as "malware (or RAT) written in AutoIt", since they ran it as an interpreter, I guess it's technically accurate to say the malware used AutoIt... but it's not like they tricked or hacked it. They simply wrote a nasty program in that language and used it normally.

    The most annoying thing about all this is it can easily result in useful harmless programs getting flagged as viruses. This has happened before.
