Categories: traconsulting

Don’t Let Autorun Be Autoinfect

AutoRun has presented such a problem in recent years. There is a wide range of malware families that install or modify autorun.inf files in order to infect systems. In recent years, Microsoft has taken steps to address this loophole: First, by turning off AutoRun by default in Windows 7, then by making patches available for XP, Vista and Windows Server, and finally by pushing the changes out through

Windows Update so that many more systems would then be updated automatically. Better late than never, some would say.

Still, that change has greatly reduced the volume of malware infections exploiting the AutoRun facility, though it hasn’t (and can’t) make the problem disappear completely. Microsoft tells us that it saw infections on XP and Vista reduced by 1.3 million in the first few months after the changes to Windows update, but there are still high volumes of AutoRun infection attempts, indicating that there are other factors at play.

Consider, for instance, the fact that XP SP2 is out of support, so that the figures for machines that aren’t updated beyond that show only a small drop. But that doesn’t, of course, mean that they aren’t a channel for infection attempts. Don’t assume, either, that this single precaution will save you from every example of this type of threat. Most malware uses more than one technique to infect targeted systems.

Removable devices are useful and very popular. Of course, malware authors are well aware of this, as INF/AutoRun’s frequent return to the number one spot clearly indicates. Here’s why it’s a problem.

The default AutoRun setting in an unpatched version of Windows (apart from Windows 7) will automatically run a program listed in the autorun.inf file when you access many kinds of removable media.

There are many types of malware that copy themselves to removable storage devices. While this isn’t always the program’s primary distribution mechanism, malware authors are always ready to build in a little extra “value” by including an additional infection technique.

As always, if you are unfortunate enough to be running an infected PC, contact your local virus removal experts, TRA Consulting: info@traconsulting.us or 562-225-4222

TRA

traadmin

Recent Posts

Cybersecurity

Cybersecurity is becoming more important every year. We might not hear about it on a…

4 years ago

Artificial Intelligence

One of the newest technologies of the past decade that has been growing the fastest…

4 years ago

Multiple locations and collaboration? No problem

I want to highlight a ways that we achieve collaboration in diffuse, decentralized work environments…

4 years ago

Increasing Redundancy with High-Availability Firewalls

As a technology provider, I am always looking for good solutions to decrease risk and…

4 years ago

Onshoring is going bust, offshoring and remote work go hand in hand

Hi! I`m Thomas Andersen, President of TRA Consulting, and today I want to share with you somewhat…

4 years ago

Now is the time to grow your business

Hi! I`m Thomas Andersen, President of TRA Consulting, and today I want to share with…

4 years ago

This website uses cookies.