Windows Addresses the Changing AutoRun Threat Environment

The latest malware threats from across the security forums

Moderators: Admin Team, Moderators

User avatar
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Windows Addresses the Changing AutoRun Threat Environment

Postby TeMerc » Tue Apr 28, 2009 11:10 am

AutoRun is the ability for a device, through the use of autorun.inf, to expose a set of tasks for the user to choose upon insertion of new media into the computer. This could be a USB drive, a CD or DVD, a network drive, or any other additions of new media. The user is shown the AutoRun tasks along with other functions via the AutoPlay dialog.

About a decade ago, diskette use started to wane. Machines began to not include diskette drives anymore. And diskette viruses were effectively removed from the malware landscape. Today, USB media have appeared and are taking on the same role. In today’s malware landscape, AutoRun malware has dramatically increased in popularity. The following chart highlights the increase in the number of different malware samples we have come across in our lab that are detected as Worm:Win32/Autorun:

So, due to this rise in malware usage of the AutoRun system, the Windows 7 team has undertaken a dramatic step to block this specific threat.

The new changes will no longer expose the AutoRun entries in the dialog unless it is removable optical media (CD/DVDs). So, if a USB drive is inserted into a machine, the AutoRun choice will no longer be shown. In addition, changes have been implemented to help clarify actions about to be undertaken by the AutoPlay dialog

0-= Continued @ Microsoft Malware Protection Center

Return to “Latest Malware Threats”

Who is online

Users browsing this forum: No registered users and 2 guests