Feeds

Malware abusing Windows Autorun plummets

You'll never guess why

Protecting against web application threats using SSL

Microsoft saw a sharp drop in malware infections that exploit a widely abused Windows Autorun feature almost immediately after it was automatically disabled in earlier versions of the operating system.

As measured by Microsoft's various antimalware programs, Windows XP and Vista suffered 1.3 million fewer infections in the three months following February's retirement of Autorun compared with the three month preceding the change. By last month, attacks hitting Vista machines plummeted 74 percent and fell by 59 percent for those running XP.

Entire families of malware – including Conficker, Taterf, and Rimecud – owe much of their prominence to Autorun, which was designed to make life easier for users by executing code embedded on thumb drives when they were attached to a computer without first prompting the user. Worms and trojans have been abusing the feature for more than a decade to propagate malicious payloads each time an infected drive was inserted.

Microsoft finally killed much of Autorun in Windows 7, but users who wanted to disable the feature in earlier Windows OSes had to make manual changes to their system registry or install a hot fix on Microsoft's website. All of that changed in February, when the company's security team finally began pushing out an automatic update that made the change the default behavior in all supported versions of Windows.

As of last month, Microsoft saw a little more than 400,000 infections by malware that abused the feature, down from a peak of about 1.8 million in June 2010, as shown in the chart below, which Microsoft provided on Tuesday. Almost immediately after the update was released, Microsoft saw a similarly drop in infection attempts, although it wasn't quite as precipitous.

Chart showing infections targeting autorun

Source: Microsoft

What took so long?

The data raises the obvious question: If automatically retiring Autorun reaped such clear benefits, why didn't Microsoft do it years ago?

“There was a lot of work in the industry to get people moved over to new technology built into Windows, and we felt that we had finally got to that point where the industry was in agreement with us that it was time to push it out to everybody,” Jerry Bryant, group manager in Microsoft's Response Communications, told The Reg.

The delay demonstrates one of the challenges that comes when a company commands a market share as massive as Microsoft's Windows. Changes that clearly benefit users have to be weighed against the inconvenience of hardware and software partners, whose embrace is part of the reason Windows is as widely used as it is.

Even now, Autorun hasn't been completely disabled. Windows will dutifully execute code embedded into CDs and DVDs that are inserted into computers. To date, malware criminals have shown little interest in exploiting the weakness, but its survival is a reminder of the tradeoffs that come from keeping users secure. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.