
W32/Autorun.worm.aaeh

By LoneStar in Worms

W32/Autorun.worm.aaeh is a polymorphic worm that can evolve into other dangerous variants. It also uses advanced obfuscation techniques that make it increasingly hard for anti-malware programs to catch and stop an attack. ESG security researchers have observed a recent increase in attacks involving this dangerous worm's family. What these worms have in common is that they are compiled in Visual Basic 6 and that they exploit vulnerabilities involving AutoRun. These worms are polymorphic, meaning this affects both the server and the client.

How W32/Autorun.worm.aaeh and Its Variants Spread from One Computer to Another

According to PC security analysts, W32/Autorun.worm.aaeh and its variants use spam email messages to spread from one computer to another. However, spam email is not the only way the worm spreads. It can be downloaded onto the victim's computer by a secondary backdoor Trojan, such as BackDoor-FJW, which connects to a malicious server and downloads and installs W32/Autorun.worm.aaeh on the victim's computer. It can also be installed directly on the victim's computer after the victim visits an attack website containing the dangerous Black Hole Exploit Kit. Another common infection route is one shared by many Autorun worms: infecting a thumb drive and using an autorun.inf file to run automatically as soon as the drive is plugged in. One characteristic of W32/Autorun.worm.aaeh is that it uses icons designed to copy the typical Windows folder icon, in order to trick computer users into clicking it in the expectation of viewing a folder's contents.
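As an added example (not from the original page or from ESG), the Python triage check below covers the autorun.inf route described above: it parses an autorun.inf file and lists the directives that would launch a program from the drive. The sample file contents, function names and extension list are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf launch keys.

```python
import re
from pathlib import Path, PureWindowsPath

# autorun.inf keys that start a program (icon=, label= and similar do not)
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Assumption: extensions treated as directly runnable for triage purposes
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample, not taken from a real infection
SAMPLE = r"""; constructed sample
[AutoRun]
icon=%SystemRoot%\system32\shell32.dll,4
Open=photos.exe
shell\open\command = "my docs\viewer.scr" /s
label=Backup
[Content]
MusicFiles=false
"""

def parse_autorun(text):
    """Return [(key, command)] for launch directives in the [autorun] section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            findings.append((key.lower(), value))
    return findings

def target_of(cmd):
    """Extract the program path from a command line, honouring quotes."""
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]

def assess(text):
    """Return [(key, target, is_executable)] for each launch directive."""
    return [(k, target_of(c), PureWindowsPath(target_of(c)).suffix.lower() in EXEC_EXT)
            for k, c in parse_autorun(text)]

if __name__ == "__main__":
    import sys  # usage: python check_autorun.py E:\  (drive root is an assumption)
    inf = Path(sys.argv[1]) / "autorun.inf" if len(sys.argv) > 1 else None
    text = inf.read_text(errors="replace") if inf and inf.is_file() else SAMPLE
    for key, target, is_exec in assess(text):
        print(f"{'SUSPICIOUS' if is_exec else 'review':10} {key} -> {target}")
```

A removable drive whose autorun.inf launches an executable from the drive itself should be treated as suspect and scanned before any file on it is opened.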

W32/Autorun.worm.aaeh Stands Out from Other Worms Because of Its Obfuscation Techniques

One of the aspects of the W32/Autorun.worm.aaeh worm family that makes it stand out is the advanced obfuscation it uses in order to avoid detection. W32/Autorun.worm.aaeh uses techniques that allow it to pose as legitimate software. It also uses advanced encryption in order to prevent PC security researchers from studying the worm's code. W32/Autorun.worm.aaeh and its variants have evolved substantially since their first appearance in late 2011. Variants detected in 2013 are noticeably more complex than earlier versions of this worm, using various rounds of encryption and techniques such as junk API calls in their code to make them nearly impossible to study in depth. ESG security researchers strongly advise keeping your security software fully updated and browsing the web safely to prevent infections involving W32/Autorun.worm.aaeh.
