Windows update dents 'Autorun' malware prevalence

Windows update dents 'Autorun' malware prevalence
Update earlier this year halts surge of 'Autorun' malware family infections.

Microsoft released an update on February 8 for the Windows XP and Windows Vista platforms. The update targeted the "AutoPlay" feature of the operating system that let an Autorun.Inf file in removal media dictate what to execute immediately upon insertion.



The change would stop the Autorun feature from being enabled automatically on the platforms, except in the case of optical disc media. The update was sent out in response to a surge of detections of malware abusing the Autorun system to spread by removal media (USB sticks etc.)

Microsoft security products had tracked the malware under the family Win32/Autorun, and toward the end of 2010, the number of detections on systems skyrocketed past other frequently detected malware such as Win32/Conficker, Win32/Rimecud and Win32/Taterf.



Last week, Microsoft provided some statistics to show how effective the small change to the Autorun feature was at dropping the infection rate (again with data from Microsoft products, such as the Malicious Software Removal Tool delivered via Windows Update each month.)

By May, the number of infections found by Microsoft security products (of the Autorun family) had declined 59 percent on Windows XP systems, and 74 percent on Windows Vista, compared to the infection rates in 2010. The results also varied based on what service packs had been installed, with Windows Vista SP2 seeing an 82 percent decrease.

There was very little difference for Windows XP SP2 since it is out of support and didn't get the update, and likewise Windows 7 wasn't an issue to begin with as it already has a safer Autorun feature built in.



Total infections did not completely disappear because for much of the malware, the Autorun exploitation was only part of their strategy to propagate. On top of that, some of it is downloaded by other malware onto systems.

Written by: James Delahunty @ 22 Jun 2011 10:27
Tags
malware Windows Microsoft
Advertisement - News comments available below the ad
  • 6 comments
  • KillerBug

    Not simply doing whatever the disk tells it to? Brilliant! Here I get bugged about every single download before I run it, and windows defaults to run programs without my permission...typical Microsoft security.

    22.6.2011 12:09 #1

  • scorpNZ

    yeah even tweakui in xp set to disable autorun didn't work even with sp3,bloody useless also note they knew about autorun virus in 2010 & yet only release a patch this year pathetic

    22.6.2011 14:38 #2

  • Mez

    My free virus scanner blocks all autoruns unless you tell it is OK. That rairly happens. Who would keep an auto run on a memory stick in the first place????

    All hail M$. I am glad to see how smart they are.

    22.6.2011 16:35 #3

  • bobiroc

    Originally posted by KillerBug: Not simply doing whatever the disk tells it to? Brilliant! Here I get bugged about every single download before I run it, and windows defaults to run programs without my permission...typical Microsoft security. Gee I don't have that problem. Maybe it is not Microsoft Security that is the problem?

    AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 300GB 10,000RPM Raptor, 2TB Additional HDD, Windows 7 Ultimate.

    http://www.facebook.com/BlueLightningTechnicalServices

    22.6.2011 21:42 #4

  • bw5011

    Originally posted by bobiroc: Originally posted by KillerBug: Not simply doing whatever the disk tells it to? Brilliant! Here I get bugged about every single download before I run it, and windows defaults to run programs without my permission...typical Microsoft security. Gee I don't have that problem. Maybe it is not Microsoft Security that is the problem? I dont have that problem either.. usually most security problems are beteen the keyboard and the chair....

    23.6.2011 11:48 #5

  • Mr-Movies

    Originally posted by Mez: My free virus scanner blocks all autoruns unless you tell it is OK. That rairly happens. Who would keep an auto run on a memory stick in the first place????

    All hail M$. I am glad to see how smart they are.
    Techs do to test and install programs on PC's plus people that don't use optical media do as well to install programs. So it has its usefulness.

    It may be a dangerous feature but it is useful one too and that is what security software is for to catch a program that is doing something it shouldn't be doing, not disabling Autoplay. I'm sure MS has just changed the Registry key for this which is easy to get around if so. If that is the case it will be no different than the horrible UAC which is worthless.

    23.6.2011 13:08 #6

© 2023 AfterDawn Oy

Hosted by
Powered by UpCloud