
Cisco Threat Research - Malware Meets SysAdmin – Automation Tools Gone Bad

August 2015 by Cisco

Cisco’s Talos Security Intelligence and Research Group has released its latest blog post, detailing its research into a new and unique type of targeted phishing attack.

Unlike other phishing campaigns such as Dridex, Upatre and Cryptowall, this targeted attack uses AutoIT, a well-known and legitimate freeware administration tool for automating system management that is used in corporate environments. The group found that by using AutoIT, adversaries can successfully install Remote Access Trojans and remotely control compromised hosts to conduct malicious operations, such as exfiltrating sensitive information. These campaigns are particularly effective at remaining hidden and evading detection by traditional anti-virus technologies because they appear highly credible to users and maintain a presence on the host that resembles normal administration activity.
