All details, description and effects of Autorun.JSE
At a glance
It allows to get into the affected computer.
It generates a large amount of network traffic activity with the consequent consumption of bandwidth.
It uses stealth techniques to avoid being detected by the user.
, across the Internet, via mapped drives, through shared network resources, by infecting files that are then distributed.
First detected on:
Jan. 22, 2010
Detection updated on:
Jan. 22, 2010
Autorun.JSE is a Trojan, which although seemingly inoffensive, can actually carry out attacks and intrusions.
In the local network:
it generates a large amount of network activity and consumes bandwidth.
It uses stealth techniques to avoid being detected by the user:
It uses techniques included in its code to hide itself while it is active.
Autorun.JSE uses the following propagation or distribution methods:
Exploiting vulnerabilities with the intervention of the user: exploiting vulnerabilities in file formats or applications. To exploit them successfully it needs the intervention of the user: opening files, viewing malicious web pages, reading emails, etc.
Via Internet, exploiting remote vulnerabilities: attacking random IP addresses, in which it tries to insert a copy of itself by exploiting one or more vulnerabilities.
Computer networks (mapped drives): it creates copies of itself in mapped drives.
Computer networks (shared resources): it creates copies of itself in shared network resources to which it has access.
File infection: it infects different types of files, which are then distributed through any of the usual means: floppy disks, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
At a glance
Autorun.JSE allows hackers to get into and carry out dangerous actions in affected computers, such as capturing screenshots, stealing personal data, etc.
It avoids being detected by the user by using the following techniques:
Techniques included in its code to hide its files and processes while it is active.
It causes a loss of productivity in the local network to which the compromised computer belongs:
It generates a large amount of network activity and consumes bandwidth.
Means of transmission
Propagation through the exploits of remote vulnerabilities:
Autorun.JSE carries out the following process:
It spreads by attacking IP addresses obtained at random or from the network to which the infected computer belongs.
It tries to access the IP addresses under attack by exploiting an existing vulnerability or through an open port.
If it does this, it downloads a copy of itself onto the vulnerable computer.
Propagation via mapped drives:
Autorun.JSE checks if the infected computer is connected to a network.
If so, it makes an inventory of all mapped drives and creates a copy of itself in each of them.
Propagation through shared network resources:
Autorun.JSE checks if the infected computer is connected to a network. If so, it tries to spread to the shared network drives.
To do this, it tries to gain access to these shared drives, using typical or easily guessed passwords.
Distribution of infected files:
Autorun.JSE does not spread automatically using its own means, but infects files of the following types:
They reach computers when previously infected files are distributed, entering computers through any of the usual channels: floppy disks, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
Autorun.JSE has the following additional characteristics: