Source: Barricade Blog Twitter @barricadeio
Windows Task Scheduler (AT.exe) is well known to us all, but the Stuxnet worm has introduced the Zlob variants and click-fraud Trojan Bamital which researchers have found are continuing to make use of the Windows Task Scheduler. Some of this malware and new malware variants (including APT-attacks) are injecting malicious code into the Windows Task Scheduler which then uses the tasks to remain in memory. A high number of malware will be found in the Task scheduler and a quick glance at Task Manager should help identify malicious use of your system memory. Quick tip: Use Sysinternals Autoruns which lets you see the scheduled tasks (including the hidden tasks).