In association with heise online

29 April 2009, 09:18

Windows 7: AutoRun offers no chance to worms

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The continuing circulation of the Conficker worm has prompted Microsoft to make changes to the AutoRun function in the Windows 7 release candidate, due for release tomorrow. As well as exploiting vulnerabilities in Windows and guessing simple passwords, Conficker also penetrates computers by using the Windows AutoRun function, which allows programs to be run automatically when a USB flash drive is connected or CD inserted.

Conficker programmers have also taken into account the behaviour of AutoRun under Vista, where the AutoRun function requires confirmation from the user. After connecting an infected USB flash drive, the AutoRun dialogue box shows a fake icon to fool users into thinking that clicking on it will open a folder. Instead, it runs the worm. Suspicions should be raised by the apparent duplication of the menu item for opening the folder, but nevertheless this trick has clearly been, and remains, fairly effective.

To stop users from falling into this trap in future, Microsoft has completely removed the option of running a program from the dialogue box for writeable media such as USB sticks, memory cards and external drives. The change does not, however, apply to CDs and DVDs. Testing will be required to determine what this means for U3 USB drives, which emulate a CD-ROM.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit