

AutoIt and Malware: What’s the Connection? - edne
http://blogs.mcafee.com/mcafee-labs/autoit-and-malware-whats-the-connection

======
itsame
I've used AutoIt fairly heavily in the past and can say from experience that,
in many ways, it is indeed very convenient for rapid Windows development.

Still, to more directly answer the "question" presented in the article title,
I'd say that there is no connection between AutoIt and malware -- at least no
more than any other malware authors' languages of choice. It's unfortunate for
legitimate developers that malware authors (unsurprisingly) find the
convenience to work for them as well. That doesn't excuse anti-malware vendors
for labeling executables as malware _just_ because they were developed using
AutoIt. The UPX packing that comes out-of-the-box with the AutoIt "compiler"
doesn't help either -- it's like a one-two combo for false-positives, since
anti-malware software also frequently gets tripped up by EXE packers like UPX.

AutoIt-based stuff that I've distributed in the past has fallen victim to
AutoIt+UPX false-positives, and it's teeth-grindingly annoying for your stuff
to be perfectly fine for a long stretch of time, only to find people knocking
on your e-door the next day grilling you about distributing malware just
because the anti-malware vendors updated their signatures to block AutoIt --
_again_.

