AutoRun Infections Plummet Following Upgrade
A mid-February AutoRun update has had a dramatic effect on malware infection rates on the XP and Vista platforms, reducing infections that use the AutoRun feature by as much as 68% across Windows platforms, according to Microsoft.
Infections via the AutoRun feature in systems running Windows XP Service Pack 1 fell by 62%. Systems running Vista Service Pack 1 saw a 68% decrease, and Vista Service Pack 2 saw an 82% decrease, Microsoft said. XP Service Pack 2 and Windows 7 saw little change, as the first is no longer supported and the second had received a similar update at an earlier date.
AutoRun is a Windows feature that automates certain actions when external media, such as CDs, DVDs or removable drives, are inserted into Windows systems. Specific families of malware have taken advantage of the feature and used it to spread between Windows systems, typically on removable USB drives. In June 2010, mobile phone maker Samsung acknowledged that a batch of its S8500 Wave mobile phones, sold in Germany, were infected with an AutoRun virus, Win32/Heur, which was pre-loaded on a 1GB microSD memory card that shipped with the phones. That virus would spread to Windows PCs when the SD card or the phone was attached to them. The Conficker virus and the Stuxnet worm also leveraged AutoRun to spread between Windows systems.
Microsoft has been slowly rolling out changes to the feature for years. Windows 7's AutoPlay feature eliminated features of AutoRun abused by malicious programs. The company later backported the AutoRun changes to earlier Windows platforms. In February, Microsoft issued a fix for its Windows AutoRun that would disable it on Windows systems.
The latest data from Microsoft measures decreases in AutoRun infections and is based on data from Microsoft's Malicious Software Removal Tool. Such infections refer to a ‘family’ of viruses related in that Microsoft detects AutoRun propagation behaviors in them.
The Seattle software giant claims that the infection rates on affected systems started dropping immediately after the upgrade was deployed. They expected this. Microsoft also saw a decrease in rates of infections on adjacent systems running the company's Forefront Client Security, Forefront Endpoint Security, and Microsoft Security Essentials.
Of course, AutoRun is often just one of many options for propagating used by malware. Microsoft’s Holly Stewart noted that, even with AutoRun disabled, Trojans can use any number of infection vectors including downloaders, droppers, and social engineering techniques.
Comments
Is my PC protected from Autorun infections if I use anti-spyware like XoftSpySE?