Autorun Malware Declined Since Update: Microsoft

 
 
By Fahmida Y. Rashid  |  Posted 2011-06-15
 
 
 

There appears to be a significant drop in the number of computers that have been infected by malware exploiting the Windows autorun feature, according to Microsoft.

Autorun allowed programs to launch automatically when a CD or USB drive was inserted into a Windows PC. While it sounded great in theory, the feature was gleefully exploited by cyber-criminals who took advantage of the feature to infect computers with malware loaded on USB sticks. The infamous Conficker worm is just one of the many autorun malware out there.

Microsoft rolled out an update in February to modify the autorun functionality in Windows XP and Vista so that malware can't infect computers without user permission. Prior to the update, administrators had to muck around in the system registry or install a hotfix manually on older Windows versions.

By May 2011, the number of infections found on scanned computers had dropped by 59 percent on XP systems and 74 percent on Vista, compared to 2010, Holly Stewart, a member of the Microsoft Malware Protection Center wrote on the Threat Research and Response blog on June 14.

Autorum malware has decreased 62 percent on Windows XP SP3, 68 percent on Windows Vista SP1 and over 82 percent decrease on Windows Vista SP2, according to Stewart. In total numbers, Microsoft's antimalware programs recorded 1.3 million fewer infections hitting XP and Vista between February and May. There were 1.8 million infections in June 2010 alone.

Disabling Autorun doesn't mean the malware is eradicated entirely, as some samples have alternative techniques to spread, such as replicating on network shares, guessing passwords, and exploiting old vulnerabilities, Stewart said. However, it appears that for major malware families, including Conficker, Taterf and Rimecud, the ability to execute as soon as the thumb drive was attached to a computer was a "lucrative one," Stewart said.

However, autorun hasn't been completely disabled, as CDs and DVDs still use the autorun capability. There are no malware samples exploiting autorun on those media as of yet.

Rocket Fuel