AfterDawn: Tech news

Windows update dents 'Autorun' malware prevalence

Written by James Delahunty @ 22 Jun 2011 10:27


Update earlier this year halts surge of 'Autorun' malware family infections.
Microsoft released an update on February 8 for the Windows XP and Windows Vista platforms. The update targeted the "AutoPlay" feature of the operating system that let an Autorun.Inf file on removable media dictate what to execute immediately upon insertion.

The change would stop the Autorun feature from being enabled automatically on the platforms, except in the case of optical disc media. The update was sent out in response to a surge of detections of malware abusing the Autorun system to spread by removable media (USB sticks, etc.).
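To make the mechanism concrete, here is an added example (not from the article or from Microsoft): a small Python check that reads the text of an autorun.inf and lists the entries that name something to execute, so a defender can review a removable drive before trusting it. The function name `audit_autorun` and the sample file contents are constructed for illustration.

```python
# Added example: audit the text of an autorun.inf for entries that launch a program.
import re

# Keys in an [autorun] section that name something to execute.
EXEC_KEYS = ("open", "shellexecute")
# Context-menu verbs: shell\<verb>\command=<program>
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def audit_autorun(text):
    """Return a list of (line_no, key, value) for execution directives."""
    findings = []
    in_autorun = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; suffixed sections such as
            # [autorun.alpha] are treated the same way here.
            name = line[1:-1].strip().lower()
            in_autorun = name == "autorun" or name.startswith("autorun.")
            continue
        if not in_autorun or "=" not in line:
            continue  # outside the section, or padding that is not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((line_no, key.lower(), value))
    return findings


# Constructed sample input (not taken from a real device or from the article).
SAMPLE = """\
; constructed sample
[AutoRun]
icon=setup.ico
label=Holiday Photos
OPEN=tools\\launcher.exe /quiet
this line is padding and is ignored
shell\\explore\\command = tools\\launcher.exe
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for line_no, key, value in audit_autorun(SAMPLE):
        print(f"line {line_no}: {key} -> {value}")
```

Entries such as `icon` and `label` are not reported because they do not name a program to run; only the execution directives are returned for review.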

Microsoft security products had tracked the malware under the family Win32/Autorun, and toward the end of 2010, the number of detections on systems skyrocketed past other frequently detected malware such as Win32/Conficker, Win32/Rimecud and Win32/Taterf.





Last week, Microsoft provided some statistics to show how effective the small change to the Autorun feature was at dropping the infection rate (again with data from Microsoft products, such as the Malicious Software Removal Tool delivered via Windows Update each month).

By May, the number of Autorun-family infections found by Microsoft security products had declined 59 percent on Windows XP systems, and 74 percent on Windows Vista, compared to the infection rates in 2010. The results also varied based on what service packs had been installed, with Windows Vista SP2 seeing an 82 percent decrease.

There was very little difference for Windows XP SP2 since it is out of support and didn't get the update, and likewise Windows 7 wasn't an issue to begin with as it already has a safer Autorun feature built in.



Total infections did not completely disappear because, for much of the malware, Autorun exploitation was only part of its strategy to propagate. On top of that, some of it is downloaded onto systems by other malware.


6 user comments

1. 22.6.2011 12:09

Not simply doing whatever the disk tells it to? Brilliant! Here I get bugged about every single download before I run it, and windows defaults to run programs without my permission...typical Microsoft security.

2. 22.6.2011 14:38

Yeah, even TweakUI in XP set to disable autorun didn't work, even with SP3, bloody useless. Also note they knew about autorun virus in 2010 & yet only release a patch this year, pathetic.

3. 22.6.2011 16:35

My free virus scanner blocks all autoruns unless you tell it is OK. That rarely happens. Who would keep an auto run on a memory stick in the first place????

All hail M$. I am glad to see how smart they are.

4. 22.6.2011 21:42

Originally posted by KillerBug:
Not simply doing whatever the disk tells it to? Brilliant! Here I get bugged about every single download before I run it, and windows defaults to run programs without my permission...typical Microsoft security.
Gee I don't have that problem. Maybe it is not Microsoft Security that is the problem?

5. 23.6.2011 11:48

Originally posted by bobiroc:
Originally posted by KillerBug:
Not simply doing whatever the disk tells it to? Brilliant! Here I get bugged about every single download before I run it, and windows defaults to run programs without my permission...typical Microsoft security.
Gee I don't have that problem. Maybe it is not Microsoft Security that is the problem?
I don't have that problem either.. usually most security problems are between the keyboard and the chair....

6. 23.6.2011 13:08

Originally posted by Mez:
My free virus scanner blocks all autoruns unless you tell it is OK. That rarely happens. Who would keep an auto run on a memory stick in the first place????

All hail M$. I am glad to see how smart they are.
Techs do, to test and install programs on PCs, plus people that don't use optical media do as well to install programs. So it has its usefulness.

It may be a dangerous feature but it is a useful one too, and that is what security software is for: to catch a program that is doing something it shouldn't be doing, not disabling Autoplay. I'm sure MS has just changed the Registry key for this, which is easy to get around if so. If that is the case it will be no different than the horrible UAC, which is worthless.
