Malware Authors Exploiting Autorun Utility to Spread Infections
Security researchers at McAfee have warned of a new malware attack that improves on the familiar Autorun infection. An Autorun infection spreads through a removable drive: the Autorun feature automatically loads content from the drive as soon as it is attached to a computer. Although the Autorun utility in a computer's OS saves a few clicks and adds convenience for the user, it can also cause malware to propagate.
Malware authors are therefore increasingly exploiting this utility to spread infections, say the security specialists. The offenders attack drives and other detachable media with a combination of a Trojan and an 'autorun' file that is crafted to infect the targeted system and then place itself on a different detachable drive. The newly infected drive can subsequently transmit the malware to another computer, or reinstall itself on a just-cleaned system.
McAfee has recently observed a large increase in malware attacks that disseminate infections through the autorun feature. McAfee researcher Vinoo Thomas states that over recent years malware writers have inserted the infectious autorun.inf vector into malicious programs in an increasing number of instances, with remarkable success, as reported by McAfee on March 4, 2009.
Furthermore, two highly prevalent parasitic viruses that have been combined with the autorun infection medium are W32/Virut and W32/Sality. When a detachable drive is plugged into an infected system, W32/Sality infects Microsoft Minesweeper or Notepad and writes a copy to the detachable drive. The infected winmine.exe or notepad.exe is given a new name with a .scr or .pif extension, and a confusing autorun.inf is added alongside it.
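As an added illustration (not code from McAfee or from the original article), the following defender-side check parses the text of an autorun.inf and flags launch entries that point at .scr or .pif files, the renaming pattern described above for W32/Sality. The function names and the sample file contents are constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a program to launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
SUSPECT_EXT = {".scr", ".pif"}  # the extensions named in the article

# Constructed sample: junk lines stand in for a deliberately confusing file.
SAMPLE = """\
;xkq29f constructed junk
[AutoRun]
jh3k2 lskdj
open=qwerty.pif
shell\\open\\command=tools\\setup.scr /s
shell\\explore\\Command="my docs\\viewer.exe" -x
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

def autorun_targets(text):
    """Return (key, command) pairs for launch keys in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if EXEC_KEYS.match(key.strip()):
                targets.append((key.strip().lower(), value.strip()))
    return targets

def suspicious_targets(text):
    """Return (key, program) pairs whose program has a .scr or .pif extension."""
    flagged = []
    for key, cmd in autorun_targets(text):
        m = re.match(r'"([^"]+)"|(\S+)', cmd)  # first token, quoted or bare
        if m is None:
            continue  # empty command value
        prog = m.group(1) or m.group(2)
        if PureWindowsPath(prog).suffix.lower() in SUSPECT_EXT:
            flagged.append((key, prog))
    return flagged

if __name__ == "__main__":
    for key, prog in suspicious_targets(SAMPLE):
        print(f"suspicious autorun entry: {key} -> {prog}")
```

A hit is a triage signal for the drive, not a verdict on the file; the referenced program still needs to be scanned.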
As a security measure, a user can disable the autorun facility using a Microsoft Windows update that lets computer users set which autorun facilities are permitted for each drive, so that devices can be prevented from automatically installing code. The update was issued after Microsoft discovered that the security loophole being exploited is in over six Office versions including Office 2007, 2000 and Office 2007 and 2004 for Mac OS X.
» SPAMfighter News - 13-03-2009