In an anticipated move, Microsoft has recently decided to improve security on the Autorun feature available on its Windows platforms, specifically relevant to Windows XP. The solution provided by Microsoft disables applications from launching automatically from a removable device, and hopefully limits the number of malware that spread through devices such as USB drives.

For the uninitiated, Autorun is a feature that is used to run an application automatically when you insert removable media – CD, DVD, USB storage devices, etc on your computer. While it has its practical uses, this feature has been exploited over the last few years by malware to spread themselves, especially in India.

Shown below is an example of what the contents of a potential malicious autorun.inf [Configuration file for Autorun] could look like:

When a removable device containing the above autorun.inf, and its associated DeliveryReport.exe, is inserted on a Microsoft Windows XP computer with default settings, the malicious file – DeliveryReport.exe is automatically executed without any user interaction.

Below is a chart indicating the top malware types as seen by K7 from various sources in the previous quarter:

Given the absolute numbers of malware out there, the above chart shows a significant proportion of Autorun worms. When we consider K7’s Indian clients alone, the numbers are even more alarming, since almost 50% of malware submitted use Autorun to spread. Furthermore, destructive malware such as Stuxnet and Sality also have Autorun spreading capabilities.

Most Anti-Virus vendors, including K7, have already incorporated threat specific Anti-Malware security features in their products to thwart such Autorun malware. Although Microsoft’s solution is applicable only for USB storage media, and not for CD/DVDs, this optional software upgrade is still a welcome move and we implore our customers to download and install it. For more information on this software upgrade, please visit Microsoft’s site.

Lokesh Kumar
K7 TCL

Like what you're reading? Subscribe to our top stories.

If you want to subscribe to our monthly newsletter, please submit the form below.