Author Topic: INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!  (Read 1764 times)

0 Members and 1 Guest are viewing this topic.

true indian

  • Guest
See: https://www.virustotal.com/file/baa61d4e2e16338fa84e10e4095ba75b62e356ddd81e421d5183cea824925125/analysis/1343807421/

Its good to see avast on the top for autorun malware  8)

This type of malware is the main vector that can invite array of malware..

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: INF:AutoRun-DK [Wrm] avast is one of the few scanners to detect this!
« Reply #1 on: August 01, 2012, 03:57:32 PM »
Nice write up for this malcode from F-Secure's Mikko can be found via this link: http://www.f-secure.com/weblog/archives/00001575.html
You find many snort rules for it in the so-called blacklist rules, like: 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca  for blacklist rules example: http://cs.uccs.edu/~cs591/ids/snort/snort2_9_0/rules/blacklist.rules  &
http://code.google.com/p/nfaengine/source/browse/SnortRuleClassification/rule.test/blacklist.rules?spec=svn48&r=48
also see: http://labs.snort.org/docs/16903.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!