Avast WEBforum

Other => Viruses and worms => Topic started by: true indian on August 01, 2012, 10:18:35 AM

Title: INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!
Post by: true indian on August 01, 2012, 10:18:35 AM
See: https://www.virustotal.com/file/baa61d4e2e16338fa84e10e4095ba75b62e356ddd81e421d5183cea824925125/analysis/1343807421/

It's good to see avast on the top for autorun malware 8)

This type of malware is the main vector that can invite an array of malware.

Title: Re: INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!
Post by: polonus on August 01, 2012, 03:57:32 PM
A nice write-up for this malcode from F-Secure's Mikko can be found via this link: http://www.f-secure.com/weblog/archives/00001575.html
You find many Snort rules for it in the so-called blacklist rules, like:
1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca
For blacklist rules examples: http://cs.uccs.edu/~cs591/ids/snort/snort2_9_0/rules/blacklist.rules &
http://code.google.com/p/nfaengine/source/browse/SnortRuleClassification/rule.test/blacklist.rules?spec=svn48&r=48
Also see: http://labs.snort.org/docs/16903.html

polonus