W32/Autorun.worm.aaeb-h
Created: 28 Nov 2012 | 7 comments
Given that McAfee has released an Extra Dat file and updated its Stinger to cover this latest threat, has anything similar appeared in the Symantec world? Or is there going to be?
Regards
Fal
See this thread, in particular the post by dmaltby
https://www-secure.symantec.com/connect/forums/doe...
SEP Knowledge Base
Endpoint SWAT
So that article applies to this new variant of the "W32/Autorun.worm.aaeb-h"? Or maybe we'll have to wait until Symantec releases an official removal tool...
As far as I know, W32/Autorun.worm.aaeb-h = W32.Changeup, but I could be wrong. Let's just hope it's the same, because then we have new definitions for them.
Can some Symantec employee verify this?
Hi,
Symantec detects this threat as W32.Changeup.
W32.Changeup is a worm that spreads through removable and mapped drives. It also spreads by exploiting the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732). The worm may also spread through certain file-sharing programs.
W32.Changeup writeup
http://www.symantec.com/security_response/writeup.jsp?docid=2009-081806-2906-99
Security Response Blog Article – A Malicious Gift
http://www.symantec.com/connect/blogs/w32changeup-malicious-gift-keeps-giving
W32.Changeup Threat Profile (Older, historical reference)
http://www.symantec.com/connect/blogs/w32changeup-threat-profile
W32.Changeup VB Polymorphic Code Uncovered (Older, historical reference)
http://www.symantec.com/connect/blogs/w32changeup-visual-basic-polymorphic-code-uncovered
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Symantec does not detect this threat, at least not as of the Nov 29 r9 patterns.
One of our clients (running SEP 11) was infected with this today, and a custom SEP scan did not identify the (obvious) malware files as risks.
A sample file submitted to virustotal.com was identified by only 7 engines. This included McAfee, which identified it as W32/Autorun.worm.aaeh (thus confirming the source), but not Symantec.
Hi,
We have seen a couple of new variants of this threat.
If you feel there is any undetected new threat then please submit it to Symantec.
https://submit.symantec.com/websubmit/basic.cgi
or
https://submit.symantec.com/websubmit/essentials.cgi
Security Best Practices for Protecting a Business Environment from Common Threats
http://www.symantec.com/docs/TECH105236
Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x
http://www.symantec.com/docs/TECH104909
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
A new blog post that will be of interest:
https://www-secure.symantec.com/connect/blogs/w32changeup-keeps-giving
With thanks and best regards,
Mick