In an unexpected turn of events, antivirus vendors are once again warning customers of spreading malware that can infect computers through a well-known bug in Windows Autorun software. This is particularly surprising given that the Autorun function has been disabled in Windows 7 and Windows 8 PCs. Perhaps an even more curious detail is that Microsoft has released two patches for older systems, making the spread of this AutoRun malware a real puzzler. Well, maybe not all that puzzling.
Security experts seem to think that the infections are occurring through a combination of unpatched computers, shared folders and files, and social media. However, according to Chester Wisniewski, a senior adviser for the security vendor Sophos, the majority of these infections are not due to a handful of hackers exploiting a 4 year old Windows bug. Said Chester, “spreading through the file shares is probably the primary vector to get people in trouble.” He went on to explain that the latest malware disguises itself as files and folders in writeable network shares and removable devices, while hiding the originals. The malware will also create phony files with enticingly generic names like “porn” and “sexy” and a folder titled “passwords,” with the obvious intention being to trick curious users into clicking on them.
To protect yourself and your company, security experts recommend disabling Autorun and restricting write permissions to file shares. The malware has several names, including W32/VBNA-X, W32/Autorun.worm.aaeb, W32.ChangeUp and WORM_VOBFUS, but no matter the name, this infection can really ruin your day. If you’re not a Ripple client and you’re still running an older Windows operating system, we recommend you learn how to disable AutoRun and restrict those file permissions. Oh, yeah, and avoid clicking on mysterious files or folders labeled “porn.” That’s good advice no matter what OS you’re running.