Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this! (Read 1764 times)
0 Members and 1 Guest are viewing this topic.
true indian
Guest
INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!
«
on:
August 01, 2012, 10:18:35 AM »
See:
https://www.virustotal.com/file/baa61d4e2e16338fa84e10e4095ba75b62e356ddd81e421d5183cea824925125/analysis/1343807421/
Its good to see avast on the top for autorun malware
This type of malware is the main vector that can invite array of malware..
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 33891
malware fighter
Re: INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!
«
Reply #1 on:
August 01, 2012, 03:57:32 PM »
Nice write up for this malcode from F-Secure's Mikko can be found via this link:
http://www.f-secure.com/weblog/archives/00001575.html
You find many snort rules for it in the so-called blacklist rules, like: 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca for blacklist rules example:
http://cs.uccs.edu/~cs591/ids/snort/snort2_9_0/rules/blacklist.rules
&
http://code.google.com/p/nfaengine/source/browse/SnortRuleClassification/rule.test/blacklist.rules?spec=svn48&r=48
also see:
http://labs.snort.org/docs/16903.html
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!