Malware using Windows Task Scheduler


Windows Task Scheduler (AT.exe) is well known to us all, but the Stuxnet worm has introduced the Zlob variants and click-fraud Trojan Bamital which researchers have found are continuing to make use of the Windows Task Scheduler. Some of this malware and new malware variants (including APT-attacks) are injecting malicious code into the Windows Task Scheduler which then uses the tasks to remain in memory. A high number of malware will be found in the Task scheduler and a quick glance at Task Manager should help identify malicious use of your system memory. Quick tip: Use Sysinternals Autoruns which lets you see the scheduled tasks (including the hidden tasks).

November 4, 2011
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023