Autorooter - One More Reason To Patch Your Computer

August 4, 2003

Kaspersky Labs, a leading expert in information security, has detected a new Internet worm - Autorooter. Autorooter has already been sent as spam to many email recipients ...

A new breach in Windows is under attack Kaspersky Lab, a leading expert in information security, has detected a new Internet worm - Autorooter. Autorooter has already been sent as spam to many email recipients. Fortunately, the self-replication segment of the worm is not activated so it has not spread widely yet. However, Autorooter attacks a breach in Windows NT, 2000 and XP that was discovered only 2 weeks ago. Kaspersky Lab experts predict that the author of Autorooter may still activate the self-replication functions of the worm. Therefore, Kaspersky Lab urges all users to download the necessary patch from Microsoft. The Autorooter is a hybrid - part Internet worm and part backdoor Trojan. The packet consists of three components - the worm carrier, a module for file exchange by FTP and the attack module (via the Microsoft breach). The attack module first causes an OS buffer overrun and then loads the remaining components. This breach was identified a few weeks ago and Microsoft has released a patch. Once the worm itself is loaded it initiates the spread and installation of further components. Since the self-replication function of Autorooter is currently not operational, the worm does not continue spreading via the Internet. However, the built in FTP server module loads the trojan IRCbot. This in turn, allows for the hacker controlling the trojan to manipulate the infected computer. "We believe that this version of Autorooter is only the experimental one. A more viable version is likely to appear and cause serious damage to the Internet", comments Eugene Kaspersky, Head of Anti-Virus Research and founder of Kaspersky Lab, "it is possible that the author of Autorooter wanted to create a network of infected computers before launching a major virus epidemic or hacker attack". Kaspersky Lab anti-virus experts strongly recommend that all users download the Microsoft patch and block TCP ports 135, 139 and 445. Security measures against Autorooter have already been added to the Kaspersky® Anti-Virus databases.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Autorooter - One More Reason To Patch Your Computer

Autorooter - One More Reason To Patch Your Computer

About Kaspersky

Related Articles Press Releases

Dangerous Loki backdoor discovered: Kaspersky experts identify agent in Russian company cyberattacks

DIY Ransomware: novice cybercriminals bigger threat thanks to off-the-shelf code

Kaspersky identifies new APT group targeting Russian government entities

SMB cyber infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Every third cyber incident was due to ransomware, Kaspersky reports

Global mobile banking malware grows 32 percent in 2023

Turkey, Russia, Southeast Asia and Latin America hit by Android threats, Kaspersky identifies

‘Coyote’ ugly: Kaspersky unveils banking trojan targeting over 60 institutions

New cross-platform threats uncovered by Kaspersky

Kaspersky reveals advanced tactics in cyber espionage campaigns using MATA toolset