Autorun infections re-emerging in wild


A new malware outbreak is menacing users with a new twist on an old infection tactic, according to experts.


McAfee researcher Vinoo Thomas reported that the company was seeing a rise in the number of malware attacks spreading by way of removable drives.

Many of the attacks take advantage of autorun, a feature in Windows which allows for disks and removable drives such as USB thumb drives to automatically load content when the device is inserted into a system.

The feature can be disabled, and Microsoft recently released an update for Windows which allows users to better set autorun permissions for each drive to prevent devices from automatically launching code.

Even so, the autorun feature has become a potent way for malware writers to spread infections. Many have chosen to target thumb drives and other removable media by directing the trojan not only to infect the target system, but also to re-install the trojan on removable drives along with a specially crafted autorun file.

The infected drive can then either spread the malware to a new host or re-install it on a recently cleaned system.
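
As an added illustration (not part of the original article or McAfee's report), a defender can check a removable drive's autorun.inf for entries that would launch a program. The function names and the sample file content are constructed for this example; the keys checked (`open`, `shellexecute`, `shell\<verb>\command`) are the standard launch entries of the `[autorun]` section.

```python
import os
import re

# [autorun] keys that cause Windows to start a program from the drive.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample content, not taken from a real infection.
SAMPLE = """\
; constructed sample
[AutoRun]
open=setup.exe
icon=folder.ico
random junk line
Shell\\Open\\Command = setup.exe /q
label=Backup
[other]
open=ignored.exe
"""

def launch_directives(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other section, or not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                 # keys are case-insensitive
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((key, value))
    return findings

def scan_drive(root):
    """Check the root of a mounted drive for an autorun.inf with launch entries."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            # latin-1 decodes any byte sequence, so odd encodings cannot abort the scan
            with open(path, encoding="latin-1") as fh:
                return launch_directives(fh.read())
    return []

if __name__ == "__main__":
    for key, value in launch_directives(SAMPLE):
        print(f"launch entry: {key} -> {value}")
```

The parser is written by hand rather than with `configparser` so that lines which are not `key=value` pairs are skipped instead of aborting the scan.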

Thomas noted that the tactic brings back memories of some of the earliest computer viruses, which in the days before the internet spread themselves by infecting floppy disks shared over multiple systems.

"During the last couple of years we have seen malware authors increasingly incorporate the autorun.inf infection vector into malware families–with stunning success," Thomas wrote.

"While the autorun functionality in operating systems does provide some convenience (it saves a couple of clicks), it has single-handedly revived the 1980s model of hand-carried malware propagation."

Copyright ©v3.co.uk