What Windows Autorun Has Wrought
A new report by Microsoft shows that the two most prevalent threats to Windows PCs in the first half of 2009 were malicious programs that have been aided mightily in their spread by a decision by Microsoft to allow the contents of removable media -- such as USB thumb drives -- to load automatically when inserted into Windows machines.
In its latest "Security Intelligence Report," Microsoft counted the number of threats detected by its anti-malware desktop products, and found that the Conficker worm, along with a Trojan horse program called Taterf, which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers, respectively.
The original version of Conficker emerged nearly a year ago, and initially it spread by exploiting a networking vulnerability in Windows. But Conficker infections soared by the millions in January with the arrival of Conficker B, which introduced the ability to spread via the Autorun capability in Windows. Taterf spreads exclusively via Autorun.
Together, these two threats accounted for more than 35 percent of the top 10 malicious software infections in the first six months of this year, Microsoft found. According to the previous Security Intelligence Report, more than 17 percent of infections in the second half of 2008 were by malware that can spread via AutoRun.
In April, after the third version of Conficker became front-page news and even fodder for a feature story on 60 Minutes, Microsoft announced that its AutoPlay function would no longer support AutoRun for USB drives. Autorun is disabled for USB drives in Windows 7 (the new OS still automatically plays any inserted CDs and DVDs). In late August, Microsoft released a patch that similarly disables Autorun on Windows XP, Vista, Windows Server 2003 and Server 2008 systems.
However, this patch does not appear to have been pushed out through Microsoft's Automatic Updates or Windows Update, so if you'd like to install it, you'll need to visit this link and download the appropriate version for your operating system. Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB thumb drives. Wilders Security Forum has a nice writeup on this patch, and offers some harmless sample code to test whether your Windows box has this feature enabled.
As a feature first introduced way back in Windows 95, Autorun had...well, a pretty good run, particularly considering how long malware has used it as a propagation method. Frankly, I'm surprised that Microsoft kept Autorun as the default option for as long as it did, given the company's Trustworthy Computing security initiative, launched in January 2002 with a memo from Chairman Bill Gates that memorably stated, "When we face a choice between adding features and resolving security issues, we need to choose security."
On a more positive note, Microsoft found that the number of infections associated with rogue security software fell to 13.4 million in the first six months of this year, down from 16.8 million in the latter half of 2008. Microsoft also tracked a tenfold decrease in infections from Zlob, a Trojan that masquerades as a video player plug-in. Redmond said Zlob infections fell from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009.
The key findings from Microsoft's Security Intelligence Report Version 7 are available here (PDF).
November 2, 2009; 11:55 AM ET
Categories: From the Bunker , New Patches , Safety Tips | Tags: autorun, microsoft