Malware Using Windows Task Scheduler

Do you even know that Windows has a built-in Task Scheduler? And if you know it, do you ever use it? Personally, I haven't used it in years.

But that doesn't mean that the vermin of the Internet don't know about Task Scheduler. They just love these bits and pieces of Windows that users never think about. In fact, they love them almost as much as they love your money. And why not? Features like Task Scheduler help them steal your money.

The Task Scheduler does exactly what the name implies: It launches programs and runs tasks in ways that don't involve user interaction. You can see why malware developers would love this. In an InfoWorld blog post, Security Adviser Roger A. Grimes explained how unethical hackers take advantage of Task Scheduler. "For example, malware will often create a task that looks for certain preconditions to launch, downloads new malicious code on a schedule, or uses scheduled tasks as a way to always remain in memory. I've seen malware hunters struggle to find out how the malicious code 'keeps re-infecting their clean system.' Answer: Check the Task Scheduler."

So load that Task Scheduler and see if there's anything suspicious in it. In Windows 7 or Vista, you can simply click Start, type "task scheduler" (without the quotes) and select the program. In XP, click Start, then select All Programs, Accessories, System Tools, and Scheduled Tasks.

Here's another option: You can download and run Microsoft's Sysinternals Autoruns. This handy little program, which you don't even have to install, lists all of your scheduled tasks and provides information on each of them. (It also lists all of your drivers and every program that loads when you boot.)
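A scripted version of the same check, as an added example that is not part of the original article: it reads the verbose task list exported with `schtasks /query /fo CSV /v` and flags entries worth a manual look. It assumes English column names; the sample tasks are constructed and the heuristics are this example's own assumptions.

```python
import csv
import io
import re

# Constructed sample shaped like `schtasks /query /fo CSV /v` output (English
# column names), trimmed to the columns this script reads.
SAMPLE_CSV = r'''"HostName","TaskName","Author","Task To Run","Run As User"
"PC1","\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c","SYSTEM"
"HostName","TaskName","Author","Task To Run","Run As User"
"PC1","\UpdaterSvc","N/A","C:\Users\alice\AppData\Roaming\upd\svc.exe","alice"
"PC1","\UpdaterSvc","N/A","C:\Users\alice\AppData\Roaming\upd\svc.exe","alice"
"PC1","\SyncHelper","alice","powershell.exe -WindowStyle Hidden -File C:\ProgramData\s.ps1","SYSTEM"
"PC1","\BackupJob","alice","C:\Program Files\Backup\backup.exe /nightly","alice"
'''

# Triage heuristics picked for this example (assumptions, not from the article).
USER_WRITABLE = re.compile(
    r'\\(appdata|temp|programdata|users\\public)\\|%(temp|appdata|localappdata|programdata|public)%', re.I)
SCRIPT_HOSTS = re.compile(
    r'(^|[\\\s"])(powershell|wscript|cscript|mshta|cmd|rundll32|regsvr32|bitsadmin)(\.exe)?(\s|"|$)', re.I)

def parse_tasks(text):
    """Return one row per unique (task, action), skipping repeated header rows."""
    seen, tasks = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        name, action = row["TaskName"], row["Task To Run"]
        if name == "TaskName" or (name, action) in seen:
            continue  # the export may repeat the header and list a task once per trigger
        seen.add((name, action))
        tasks.append(row)
    return tasks

def triage(tasks):
    """Return {task name: [reasons]} for tasks that deserve a manual look."""
    findings = {}
    for t in tasks:
        action, reasons = t["Task To Run"], []
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable directory")
        if SCRIPT_HOSTS.search(action):
            reasons.append("launches a script host or system utility")
        if reasons:
            if t["Run As User"].upper().endswith("SYSTEM"):
                reasons.append("runs as SYSTEM")
            findings.setdefault(t["TaskName"], []).extend(reasons)
    return findings

if __name__ == "__main__":
    for name, reasons in triage(parse_tasks(SAMPLE_CSV)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged task is only a candidate for review; legitimate updaters also run from these locations, so confirm the file behind each entry before deleting anything.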

Of course, if you have Trend Micro Titanium installed and up-to-date, those malicious programs will never even get a chance to plant themselves in Task Scheduler. And if one is already there, Titanium will remove it. Check the various versions of Titanium to see which is best for your needs.
