Jump to content

AutoRun-Based Malware Attacks on the Rise


Recommended Posts

Czech antivirus vendor AVAST Software warns of a increasing number of AutoRun infection attempts, a trend that is likely to continue this month.

According to data gathered by the company from its user base, one in eight malware attacks, out of the 700,000 recorded during the last week of October, came from USB devices.

"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware," says AVAST Virus Lab Analyst Jan Širmer.

"The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers – which were also spread via infected memory sticks," he adds.

The prevalence of removable storage devices is a contributing factor to the problem. It's not just USB memory sticks or external hard disk drives that can carry malware, but also devices like digital cameras, mobile phones, or MP3 players.

AVAST's findings are also reflected in statistics released by other antivirus vendors. Kaspersky Lab places Kido (Conficker) at the top of its most prevalent malware list for October.

This infamous worm, which reached its infection peak during the spring of 2009, spreads by copying itself to USB devices, among other methods.

AutoRun has become such a big threat, that many security experts recommend disabling it entirely, based on the idea that its benefits don't justify the risks.

This can be done with free tools, like the Panda USB Vaccine, which also allow users to "vaccinate" USB devices inserted into the computer.

This process involves creating a special autorun.inf file in the root of the removable storage device, which cannot be removed or modified by normal means.

People who don't want to disable AutoRun are advised to use antivirus products with on-access scanning capabilities and keep this component turned on at all times.


Link to comment
Share on other sites

  • Replies 1
  • Views 502
  • Created
  • Last Reply

Yeah and how bout all of those false positives from from AutoIt! .. that are part of these ..'portabilized' applications... Not saying its not true.. but just sayin'...

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...