Skip to main content

Autorooter - One More Reason To Patch Your Computer

4 August 2003

Kaspersky Labs, a leading expert in information security, has detected a new Internet worm - Autorooter. Autorooter has already been sent as spam to many email recipients ...


A new breach in Windows is under attack Kaspersky Lab, a leading expert in information security, has detected a new Internet worm - Autorooter. Autorooter has already been sent as spam to many email recipients. Fortunately, the self-replication segment of the worm is not activated so it has not spread widely yet. However, Autorooter attacks a breach in Windows NT, 2000 and XP that was discovered only 2 weeks ago. Kaspersky Lab experts predict that the author of Autorooter may still activate the self-replication functions of the worm. Therefore, Kaspersky Lab urges all users to download the necessary patch from Microsoft. The Autorooter is a hybrid - part Internet worm and part backdoor Trojan. The packet consists of three components - the worm carrier, a module for file exchange by FTP and the attack module (via the Microsoft breach). The attack module first causes an OS buffer overrun and then loads the remaining components. This breach was identified a few weeks ago and Microsoft has released a patch. Once the worm itself is loaded it initiates the spread and installation of further components. Since the self-replication function of Autorooter is currently not operational, the worm does not continue spreading via the Internet. However, the built in FTP server module loads the trojan IRCbot. This in turn, allows for the hacker controlling the trojan to manipulate the infected computer. "We believe that this version of Autorooter is only the experimental one. A more viable version is likely to appear and cause serious damage to the Internet", comments Eugene Kaspersky, Head of Anti-Virus Research and founder of Kaspersky Lab, "it is possible that the author of Autorooter wanted to create a network of infected computers before launching a major virus epidemic or hacker attack". Kaspersky Lab anti-virus experts strongly recommend that all users download the Microsoft patch and block TCP ports 135, 139 and 445. Security measures against Autorooter have already been added to the Kaspersky® Anti-Virus databases.

Autorooter - One More Reason To Patch Your Computer

Kaspersky Labs, a leading expert in information security, has detected a new Internet worm - Autorooter. Autorooter has already been sent as spam to many email recipients ...
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date.

Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support.

Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.kaspersky.com.

Related Articles Press Releases