Latest news
Autorun-based threats, spread when users insert infected USB sticks without checking them for viruses, caused a whopping 12 percent of global infections in the first quarter of 2012. The threat persists even though the Autorun feature was eliminated from operating systems starting with Windows Vista SP1 in 2008.
“The magnitude of this threat - so many years after it should be extinct - is astonishing,” said Catalin Cosoi, Bitdefender’s Chief Security Researcher. “Some of the heavy-hitters of the virus world - such as Downadup and Stuxnet - spread this way. Prevention should be a simple matter.”
The mass introduction of USB storage devices and the apparition of the Autorun feature in Windows have been widely exploited since the early 2000s. Within five years, Autorun worms reached epidemic proportions, Autorun-based threats have dominated the malware landscape report since.
Five facts about Autorun-based malware:
1. The Autorun.inf file is not malicious itself. It is used by some families of malware that copy themselves on USB sticks to force the computer to automatically execute them when an infected stick is plugged into a Windows-based PC.
2. Among the most important families of malware that use the Autorun exploitation to spread are Stuxnet, Downadup, Sality, Rimecud or OnlineGames.
3. Autorun-based malware can copy itself on MP3/MP4 players, mobile phones, CF cards (such as those in digital cameras) and other devices. When plugged in other PCs, the malware is executed automatically.
4. Since autorun.inf files are plain-text files that can be opened and analysed, malware creators obfuscate their creations to make them unreadable by humans. However, this is also their weak point. This degree of obfuscation is uncommon in text files and triggers AV detection.
5. Trojan.AutorunInf (a detection that intercepts rogue autorun.inf files) has been the number one source of infection for more than three years in a row. During this time, it has helped various malware families infect millions of computers worldwide.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
