Warning! New Malware that Exploits Windows AutoRun is in the Wild

Sick Computer

Sick Computer by Ali Ender Birer | BigStock

Security firms are warning customers about the spreading malware that can infect PCs through a well-known Windows AutoRun bug. In addition, there is a significant increase of infection in Windows 7 and Windows 8 PCs.

What makes this weird is that the said operating systems won’t run autorun.inf files, and Microsoft has already released two patched for the said OSes. Thus, antivirus vendors believe that the malware exploit are spreading with the combination of unpatched computers, shared folders and files, and social media.

How the Latest Malware Infects Windows PCs

It was reported that the malware can spread when a USB drive or memory stick that carries the virus is inserted in an unpatched PC. The infection can also occur on other system when someone clicks on an infected file or folder, as well as when it travels to a shared network.

The malware is also tracked by McAfee, Symantec and Sophos. Although it is interesting to know that cybercriminals are still exploiting a four-year-old bug, Sophos says that majority of infected corporate PCs got the malware through network sharing.

In addition, Trend Micro reported that malware was also spreading on Facebook. Clicking the malware on Facebook would open an easy access to a folder on a shared network. As stated by Sophos’ Chester Wisniewski:

I would say the AutoRun part of it is probably not the source of the majority of the infections. It’s just an interesting note that [criminals] are still using it. I think spreading through the file shares is probably the primary vector to get people in trouble.

The security firm also added that the latest malware disguises itself as files and folders found in shared networks and removable devices. It will also create .exe files labeled as “porn”, “sexy” and “passwords” to lure people to click on them.

It will then add a registry key that will start when the PC is booted up. The malware also comes in other forms, which will disable Windows Update to prevent the user from downloading patches that will disable the virus. Once a PC is infected, it will then contact a command-and-control server to receive instructions and other applications.

Prior to this, Microsoft released an AutoRun patch in 2009, a month after the US Computer Emergency Readiness Team issued a warning that Windows 2000, XP and Server 2003 was not able to turn off the feature properly.

Leave a Comment