Eighteen months ago, Microsoft proclaimed a victory over autorun malware – a problem that had plagued Windows for years. As eWEEK described it back in June 2011:
Microsoft rolled out an update in February to modify the autorun functionality in Windows XP and Vista so that malware can’t infect computers without user permission. By May 2011, the number of infections found on scanned computers had dropped by 59 percent on XP systems and 74 percent on Vista, compared to 2010.
However, the article went on to say that the malware wasn’t eradicated completely, so users beware. And sure enough, last week, the Autorun malware was making headlines again, but with a slightly different twist, as PC World pointed out:
The significant increase in infection is curious because Windows 7 and Windows 8 PCs will not launch autorun.inf files, and Microsoft has released two patches for older systems. Therefore, security experts believe infections are happening through a combination of unpatched computers, shared folders and files, and social media.
The malware is spreading through older means – an infected USB drive plugged into an unpatched computer, for example – but the spread through social media and shared folders shows that those creating the malware understand that we aren’t sharing media the way we did even a year ago. The cloud and social media and other technologies have reduced the need to share CDs or DVDs or USB drives, and the bad guys have obviously picked up on that. Hence, the new rise of an old malware problem.
The latest malware disguises itself as files and folders in writeable network shares and removable devices, while hiding the originals. The application will also create .exe files named “porn” and “sexy” and a folder called “passwords,” to entice people to click on them. The malware adds a registry key, so it can start when a PC is booted up. Variants of the application will disable Windows Update to prevent the victim from downloading patches to disable the malware.
To prevent the malware from hitting your computer, security experts recommend disabling Autorun on all Windows operating systems. The new outbreak of the Autorun malware is also a good reminder of why you should always make sure you download new patches as soon as they come out. (No word yet if this will be addressed in the December Patch Tuesday.)