Sophos and TrendMicro, and anumber of other security firms, are reporting a dramatic increase in the prevalence of a worm using AutoRun and social engineering to proliferate.
If you thought Microsoft solved the AutoRun problem, you aren’t alone.
They tried to shut it down after
it was famously and cleverly used to spread earlier variants of the Stuxnet worm that targeted the industrial control systems that controlled centrifuges at Iran’s Natanz nuclear enrichment facility. However, as we continue to move further and further from that date, and we continue to see the word AutoRun popping up in headlines, it is increasingly becoming
one of those network security nuisances that just won’t go away.
Part of the problem here,
according to Sophos, is that users still aren’t very good about patching their machines. It’s the same, simple old problem that never seems to change. Despite the fact that Microsoft shipped a patch to disable AutoRun nearly two years ago, some users still haven’t gotten around to implementing it. So the worm is spreading, in large part, through autorun.inf files loaded onto removeable media and writeable network shared.
