Windows malware infections from Autorun exploits down by 82% from 2010
According to a Microsoft Technet Blog article published on June 14, 2011, malware infections resulting from exploits involving Autorun (like when you plug in a USB memory device and it runs a program or setup automatically) have dropped by 82% from the numbers recorded during the same period in 2010.
The percentage of decline varied with the operating system and service pack installed. Windows XP users who have Service Pack 3 installed saw a 62% drop in Autorun installed malware, after accepting the optional patch issued on Feb 8, 2011, or the forced installation of the reissued patch, pushed out on February 24, 2011.
If you are operating a Windows XP computer with any service pack older than SP 3, your version of Windows is now out of support and you are no longer receiving any critical patches. Thus, your computer is not protected against this, or any other recently patched vulnerabilities. If it is connected to the Internet, or if you plug in an infected USB device, unless you have manually edited your computer's Registry to disable Autorun, or it is running industrial strength anti-malware protection, it will eventually become infected and probably botted.
Computers running on Windows Vista with SP1 saw a 68% decline, while those with SP2 installed had a whopping 82% drop in malware installations.
Note! Microsoft will stop supporting Windows Vista Service Pack 1 on July 12, 2011. From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista Service Pack 1 (SP1). You folks need to upgrade to Vista SP 2 by July 12, 2011, or you will not receive any more updates or patches.
Why have Autorun infection rates dropped so dramatically?
The drop in malware infections from Autorun exploits is attributable to patch KB971029, which turned OFF Autorun for "non-shiny" media (that is, anything other than CDs and DVDs). Microsoft released it as an optional update with the Windows Updates of February 8, 2011 and, two weeks later, as a non-optional update. Before then, if you plugged a USB stick (a.k.a. thumbdrive, flash drive) into your Windows XP or Vista computer and there was a setup file on that memory device, it would run automatically. With the update installed, flash drives inserted into a PC running XP (SP3), or Vista no longer offer the option to run programs. However, the demise of AutoRun does not affect CDs or DVDs (just USB devices or shared network drives).
Some notorious infections went so far as spoofing the wording of options on the dialog box that usually opens when you plug in a USB device. The wording was crafted to induce unwary users into choosing the spoofed option, which was rewritten to appear that if clicked upon, it would open the drive as a folder, for them to look at. In fact, that option was still there, as the next option down! The first one executed a hidden file on the device, named "autorun.inf" - which triggered a hidden executable file on the drive, which was a malware/spyware setup file. Because of its being the first choice and the craftiness of the wording, many thousands of intelligent people were fooled into clicking it and installing the malware contained on those devices.
It was by means of infected thumb-drives that the Conficker Worm was able to spread so widely and quickly in late 2009 and early 2010.
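The spoofed dialog option described above can be checked for before a drive is trusted. The following is an added example, not code from the original article or from Microsoft: a small Python scanner that reads the text of an autorun.inf file and flags the combination of a program-launching entry with an action label worded like the genuine open-folder choice. The function names, the finding labels and both sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Wording that imitates the built-in "Open folder to view files" choice.
SPOOF_WORDS = re.compile(r"open\s+folder|view\s+files", re.I)


def parse_autorun(text):
    """Tolerantly parse autorun.inf text; return {key: value} for [autorun]."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
        # anything else (junk padding, other sections) is ignored
    return entries


def assess(text):
    """Return a sorted list of findings for one autorun.inf."""
    entries = parse_autorun(text)
    findings = set()
    if any(LAUNCH_KEYS.match(key) for key in entries):
        findings.add("launches-program")
        # A launch entry plus a folder-style label is the spoof pattern.
        if SPOOF_WORDS.search(entries.get("action", "")):
            findings.add("action-imitates-open-folder")
    return sorted(findings)


# Constructed samples, not taken from any real device.
SUSPICIOUS = """\
[AutoRun]
; padding line
Action=Open folder to view files
Open=PLACEHOLDER.exe
"""
BENIGN = "[autorun]\nlabel=Backup Drive\nicon=drive.ico\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, assess(sample))
```

Run it against the contents of a drive's autorun.inf, read on a machine where Autorun is already disabled; a file with no launch entry returns an empty list.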
You can verify which operating system and service pack your computer is running by right-clicking and left-selecting "Properties" on the icon for (My) Computer, which is in the upper right side of the Start Menu that opens when you click the Start button. You may even have an icon labeled My Computer on your Windows Desktop. If so, right-click on it and left-select Properties.
When the Computer Properties box opens, it should be on the "General" tab. You will see your OS type and any service packs installed, in the upper section. You can also learn about the speed of your CPU and amount of installed RAM, in the lower section of the box.
If you have Windows computers running XP with Service Pack 3, or Vista, with Service Pack 2, you should have already received the February 2011 Windows Update that effectively disables Autorun on removable non-shiny disk drives. However, it is possible that you have just acquired a used computer and perhaps it hasn't been online in a long time. If it has XP SP 3, go directly to Windows Update, via either Internet Explorer > Safety > Windows Update, or, via the link to Windows Update in the upper right area of the "Start Menu."
Once the Windows Updates site loads in Internet Explorer (no other browser works for Windows Updates, because the site uses ActiveX Controls), click the Express button and accept all available updates. You will need to restart your PC, then return to the Windows Update site and see what new updates become available, as a result of updates just applied. Do this, rebooting as requested, until no more Express Windows Updates appear.
If you are using a PC that is running a licensed, older version of XP, like SP 1 or SP 2, or even no Service Pack at all, you must go to the Microsoft Download Center and download the missing service packs, then install them manually. You need the previous service pack to get the newer ones. This is all explained on this Microsoft page about downloading and upgrading XP service packs. Alternately, you can order the service pack upgrade on a CD, and just pay for postage. You get the CD, plop it into the CD drive, then follow the directions to upgrade to SP 3.
Note that when you download a service pack for manual installation, it will check to make sure you have a valid copy of Windows. If you do, you can upgrade to the latest and greatest service pack. If you don't have a valid license, you can call Microsoft and see if they will sell you a license, or, if you are able to find somebody who still has an unused XP license, on a hologram sticker, buy it from them, then contact Microsoft about activating the OS with that Product Key.
If you want to learn how to disable Autorun manually, by editing your Windows Registry, read the article I wrote about disabling Autorun on January 22, 2009. People with XP SP 2 computers can use this technique to protect their computers, while they decide about upgrading to SP 3. If you do upgrade, all current Windows Updates are available to you.
If you are reading this on a Windows 7 PC, you are already protected from Autorun exploits. Your operating system has disabled that function, by default, from the day it was released. You would need to hack your Registry to turn Autorun on.
I hope this helps someone, somewhere.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.