Tag Archives: VB6

Polymorphic AutoRun Worm Evolves and Obfuscates

Recently we have seen a spike in a Visual Basic 6-compiled AutoRun worm family. The family is both client- and server-side polymorphic. (For more on this family, refer to our VIL and Advisory entries.) The W32/Autorun.worm.aaeh family usually gets on a victim’s machine through email spam, Blacole drive-by downloads, or downloads by BackDoor-FJW. From a behavioral Read more…