
Spikes Detected In Autorun Malware

Posted by Soulskill
from the going-back-to-the-classics dept.
msm1267 writes "Researchers recently have seen a major increase in the volume of autorun malware in some countries, thanks to a couple of new worms infecting those older machines. The two new worms, Worm.JS.AutoRun and Worm.Java.AutoRun, both take advantage of the autorun functionality to spread, and the JavaScript worm has other methods of propagation, as well. Researchers at Kaspersky Lab say that the volume of autorun worms has remained relatively constant over the last few months, but there was a major spike in those numbers in April and May, thanks to the distribution of the two new pieces of malware."

  • by bmo (77928)

    Because they keep being screwed by things like this all the time and there is no rioting band of geeks with pitchforks and shovels and rakes (and implements of destruction /Guthrie) demanding that this be removed from Windows.

    >autorun.inf

    The most dangerous thing to ever come out of a computer company. That this feature made it past review demonstrates the utter disregard for the most basic security at all, especially since boot sector worms had been around for years in DOS and Win3.1 before Win95 ever g

    • by JDG1980 (2438906) on Sunday June 16, 2013 @12:37AM (#44019689)

      >autorun.inf
      The most dangerous thing to ever come out of a computer company. That this feature made it past review demonstrates the utter disregard for the most basic security at all, especially since boot sector worms had been around for years in DOS and Win3.1 before Win95 ever graced us with its presence. Since Windows 95, it's been trivial to write auto executing code because Microsoft deliberately yanks down the pants and underwear of the end user and says "Go to it!"

      You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs. (Floppy disks didn't do this, if only because the OS could not reliably detect when a disk was inserted in the drive.) Remember, at that time, CD-R drives were not mainstream computing devices; they were still very expensive and rare. (According to Wikipedia, the first CD-R drive under $1000 was not released until September 1995.) When Windows 95 was released, the idea was that only pressed CDs would autorun, and presumably MS thought that the vendors could be trusted not to ship malware. (The Sony rootkit scandal proved that was a mistake, but no one anticipated something like it at the time.) And let's be honest, in 1995, IT security wasn't really on the radar for home users.

      The real problem came with Windows XP. By this time, recordable CDs (and, later, DVDs) were commonplace. But Microsoft's biggest mistake was reusing their autorun code for other forms of removable media – such as thumb drives. Again, when thumb drives were first released, they were pretty expensive (I remember paying $100 for a 1GB thumb drive about a decade ago), so the best explanation is that Microsoft didn't think it likely someone would put malicious software onto a thumb drive and just leave it laying around or give it away – at the time, that would have been a rather costly strategy.

      Over time, as thumb drives became dirt-cheap, it was clear that allowing INF-based autorun on rewritable removable media was a bad idea. It probably shouldn't have taken Microsoft until 2009 to get rid of this. But the decisions made earlier in the process were not as clear-cut as you're making them out to be.

      • by Anonymous Coward
        This is all just my opinion, my perspective. I don't find you persuasive even though what you say makes sense. If you care to read it, I can tell you why.

        Autorun reflects a basic underlying philosophy behind Windows design, historical and current. The user is a moron with no ability to take even the simplest steps reliably, so let's reinforce and legitimize that notion by trying to make it more of an appliance and less like a general-purpose computer. That's what having things start up automatically
      • by anagama (611277) <obamaisaneocon@nothingchanged.org> on Sunday June 16, 2013 @01:33AM (#44019937) Homepage

        You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs

        I don't think it would have taken any hindsight at all -- floppy based viruses predated CD-ROMs by a long time. If a virus could spread by floppy, why not a CDR?

        • by hairyfeet (841228)

          Because most malware writers didn't have 15k+ to spend on a CD press? Dude I got one of the very first DVD burners in my state, know how much that bitch cost? $600 and media was over $4 a pop for that sucker. CD burners were likewise crazy priced and the media was expensive as hell so it really wasn't a big threat vector, at the time you could buy floppies for 8c a pop and CDR was $2, an RW was closer to $5.

          I swear, these kids...they have NO clue how expensive shit was back then! I bet my fellow greybeard

        • by fluffy99 (870997)

          You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs

          I don't think it would have taken any hindsight at all -- floppy based viruses predated CD-ROMs by a long time. If a virus could spread by floppy, why not a CDR?

          Autorun.inf features also work just fine and dandy when placed in a folder or a network share. Autorun.inf can do more than just run a specific file, it can alter the right-click options, invoke some dlls, change the icon, etc.

      • by bmo (77928) on Sunday June 16, 2013 @01:35AM (#44019955)

        >The real problem came with Windows XP. By this time, recordable CDs (and, later, DVDs) were commonplace

        No, CD-Rs were commonplace by the time Windows 98 came out. I think there were more burned copies of Windows 98 than there were official pressed ones at that time. The first "under $1000" CD-R drive was in 1995, and 3 years to "affordability by ordinary people" in electronics had become the norm even then.

        Autorun from 1998 onward revived the spread of malware by removable media. Nobody was doing bootsector viruses on floppies anymore in 1998 because the number of people booting their machines with an OS floppy was minuscule. Autorun malware took the place of bootsector malware. It was so commonplace that it was recommended by everyone who knew anything about preventing the propagation of malware by pirated software that autorun be turned off.

        In 1998.

        Speaking of convenience, if a software install CDROM (you know, an official one) had an autorun.inf that didn't check to see if the software was already installed, the installer would start. If you merely wanted to pick a file off the CD, you had to cancel the install and open Explorer, rather than simply pop the disk in and browse the drive. This was even before the popularity of burned disks.

        While you can say this was the publisher's fault, it illustrates the dubious value of autorun even as an installation "feature"

        It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4. That shouldn't have happened, and autorun should now not even exist.

        --
        BMO

        • by drinkypoo (153816)

          It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4. That shouldn't have happened, and autorun should now not even exist.

          There is nothing wrong with autorun. There is everything wrong with it being fully automatic. A prompt is what you want. Also, a simple setting to disable it.

        • by yuhong (1378501)

          But they still could not automatically infect other CD-Rs as far as I know. Someone would have to deliberately put it on there.

        • by hairyfeet (841228)

          It is obvious that you never worked corporate or had to deal with multi-thousand dollar software because then you'd know, it was corporate and dongles that kept the feature for so long.

          Was it a great idea in hindsight? Nope but like ActiveX once a corp has spent several million dollars investing in a technology you had BETTER give their ass plenty of time to switch to something else before you break it or that is your ass, and that was the problem that MSFT faced with autorun. I was getting corporate CDs

      • Re: (Score:3, Informative)

        by peppepz (1311345)
        I challenge what Wikipedia says; I was there in 1995, and for new computers that shipped with Windows '95 having a CD-ROM drive was the norm and not the exception. Installing Windows '95 from floppy disks required a very tall pile of them, and I know few people who can recount the experience of installing the OS out of them. CD burners were much rarer, but using burnt CDs coming from a third party was commonplace.
        • In my own experience, I'm pretty sure it was 98 before I found a CD writer that I could afford. It may have been 99, I'm not quite certain. I remember the day I walked into a store outside of Los Angeles on Interstate 10. I just can't precisely place the date.

          As for CD readers, I had one on a 386 SX, a couple of years before Win95 was released. That was just a bit of luck - I found it at an estate sale, and the ladies didn't know the value of the thing. They gave me the whole computer, and a couple box

        • by hairyfeet (841228)

          BULLSHIT, flag on the field for bullshit, and the fact you got modded up just shows how damned many puppies we have here now!

          In 95 you got a CDROM alright but you sure as fuck wasn't getting any burners which were north of a grand, were slow as hell, and were unreliable as hell to boot. You also weren't getting any third party burnt CDs because those damned things were close to $5 a pop and one out of every 3 or 4 would turn out to be a coaster. I should know as my shop had one of the first CD Burners and

          • by peppepz (1311345)
            And what did I say? CD-ROM drives were common, burners not so. About the affordability and ubiquity of burnt CDs, I should know too, as I was in high school in those years, piracy was rampant, and burnt CDs were the only kind of CD that a lot of people had at home, for $10 was still quite less than the $100 a pressed CD used to cost here.

            Of course, I do not accept, condone or encourage piracy.
            • by hairyfeet (841228)

              And what does that have to do with the fact that malware wasn't coming on CDs? The CDs you were getting in the late 90s were made by REAL pirates, the guys who could hand you a UHARCed "rip game" that could squeeze a 3 CD game down to a 200Mb installer file, guys whose Windows discs were frankly better than the ones MSFT was selling because it would already have the most popular software and drivers baked in, those guys weren't passing malware.

              CD driven malware didn't blow the hell up until around 03,04 w

      • 1. Floppy disk viruses were already commonplace, even without autorun.

        2. I burned my first CD in 1997, using my Win95C desktop's built-in burner.

        It took Microsoft better than a decade to put 1 and 2 together (to get 4, mind you--and they managed to be that close only because everybody was shouting the correct answer at them).

        You seem to think this is acceptable. I do not.

      • by dbIII (701233)
        No we are not. Some of us knew it was a fucking stupid idea when it was introduced in 1995. Anybody that listened to the antivirus companies grumbling about it for instance. Then the fools went and repeated the stupidity with the first version of Active-X years later - and it was so widely seen as a stupid idea that a librarian warned me about the consequences and was 100% correct.
        • by Runaway1956 (1322357) on Sunday June 16, 2013 @06:18AM (#44020847) Homepage Journal

          Hey now - you stress the "librarian" thing as if you expect librarians to be clueless. Not fair, I say. In my experience, about half of today's librarians are pretty savvy. Someone has to be administrator on library systems, after all, and in small towns, that will almost invariably be the librarian. Those little old frumpy ladies are generally pretty intelligent, and they don't make the same stupid mistakes repeatedly. Sure, some of them never really get the hang of it, but even those ladies can generally follow directions when given a rigid guideline to follow.

          Maybe I read your post incorrectly, maybe not. I just want to give librarians their due!

          • by dbIII (701233)

            Hey now - you stress the "librarian" thing as if you expect librarians to be clueless

            You are getting it backwards. It's to point out that somebody in a different field could see the looming disaster while many in IT were thinking a stupid idea may just work out if it's MS doing it. I seem to remember discussions here where fanboys insisted the malware swamp we are now living in that mostly came from that was just bad SF.

      • Not really hindsight. I remember having this argument when Windows 95 came out and while many of us simply found it an annoying behaviour the potential for abuse and misuse was very obvious at the time.

      • by hairyfeet (841228)

        Actually they kept in XP for so long (I believe it was right after SP3 or right before they put out a patch that killed it) was because of corporate dongles, a lot of companies used dongles in the early days of XP and by having autorun on the dongle they could just plug in the dongle and it would run the check and fire up the software it was connected to so it WAS a handy feature to have.

        I don't know how many 4 port USB cards I had to install back then because of all the damned dongles that the high end

    • by Anonymous Coward

      Nix isn't immune against malicious wares either. The only folks who believe it is are, either, misinformed or blatantly incompetent.

      Ease of use for end-users was how MS moved to become the dominant player. Any platform is subject to malicious intent and the propagation of said software. I appreciate nix but end-users still find it a struggle. Microsoft, at least, provides native management tools for hardening security, which is another reason its platforms remain the leader in the markets. You can't knock s

    • Autorun in The Year of Our Lord and Savior Jesus Christ Twenty-Thousand-And-Thirteen is beyond the pale.

      I knew it'd be a long time before we had any chance of getting rid of Windows, but---18,000 years?

      How very completely and utterly depressing.

      • by bmo (77928)

        I was saddened and embarrassed by my mis-type, but upon reading your post, I'm gonna stand by it.

        Yes, it would be depressing indeed. But not unexpected. :-D

        --
        BMO

        • It made me laugh on a rainy Sunday morning. Cheers.

    • No it is not ... unless you run unpatched pirated XP sp 2 from 2004 with updates turned off due to a failed Windows genuine advantage tool.

      Windows Vista fixed this and MS patched this for XP in 2009. It is FUD. The problem is according to the article third world countries all run the pirated version of Windows and even though MS relented with update it is so so out of date that even Windows Update won't work in a sp2 system. I tried it in a VM. You need to manually run fixits from microsoft.com before it can

    • by hairyfeet (841228)

      Uhhh...dude? Yeah hate to break the news to ya but that was actually removed by a patch YEARS AGO and the only ones getting hit by this? Pirates and those that still think that 30 day trial of Norton they got with the system in 2005 actually does anything.

      Here is the FACTS from the guy that builds and fixes these things, straight from the trenches...FACT: WinXP was/is the most pirated OS ON THE PLANET by a HUGE margin and thanks to WGA guess what ALL the pirates disable? Windows Updates. And I say is becaus

  • NSA did a predictive sales analysis for the XBone and decided to take matters into their own hands...
  • ...and you won't autorun a virus.

    • by yuhong (1378501)

      Note that Linux desktop was not free of stupid features either:
      http://www.geekzone.co.nz/foobar/6229 [geekzone.co.nz]

  • Just after NSA deploy its own exploit [yahoo.com]
  • A little while ago, there was some Android malware on Google Play [thenextweb.com] that had this as a side effect.

    It not only infected your phone, but then installed an autorun script on SD cards so the next time you plugged your phone into your PC, it would infect Windows as well.

    You can bet such things will continue... or if it was the cause of some of the spikes, as well.

  • Time to move along (Score:5, Interesting)

    by symbolset (646467) * on Sunday June 16, 2013 @02:56AM (#44020317) Journal
    No doubt we'll see more of this type of article for the next year as the drive to bury XP intensifies. It's not going to yield the results they expect, but hey.
  • "Once the worm is on a new [Microsoft Windows] PC, it extracts a DLL from its code and then copies itself to the temporary user folder. It also copies the Java executable from %ProgramFiles% to the same folder" link [threatpost.com]
  • by smash (1351)
    Seriously? Who hasn't disabled autorun? I remember thinking autorun was a bad idea in 1995 when Windows first included it, and have disabled it on the corporate network for at least... 8 years?
    • by fluffy99 (870997)

      Seriously? Who hasn't disabled autorun? I remember thinking autorun was a bad idea in 1995 when Windows first included it, and have disabled it on the corporate network for at least... 8 years?

      90% of home users? Of course there was also the fiasco that the autorun disable setting still doesn't work correctly, requiring a patch and additional registry setting or two to truly kill it.

      • by smash (1351)
        All MS operating systems since vista prompt before autorunning.
        • by fluffy99 (870997)

          All MS operating systems since vista prompt before autorunning.

          XP has 'autorun'. Vista and later call it 'autoplay', which by default prompts before automatically executing a program.

          Autoplay is still not impervious to attack and ignorant users. AutoPlay still looks for, reads and invokes some commands from the autorun.inf file regardless of the autoplay dialog box selection (depending on device/drive type it still reads the icon and label keywords). If the system hasn't been patched, it is vulnerable to the attack used by Conficker. The autoplay behavior is slightl
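
Added example, not part of the thread or any commenter's post: fluffy99's comments above note that autorun.inf can do more than launch one file (right-click options, icon, label) and that AutoPlay still reads some of its keywords. The Python sketch below audits an autorun.inf and separates the entries that launch a program from those that only change menus or display; the sample file contents and the function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name something to launch.
EXEC_KEYS = {"open", "shellexecute"}
# Keys that only change how the drive is presented to the user.
DISPLAY_KEYS = {"icon", "label", "action"}
# shell\<verb>\command binds a context-menu verb to a command line.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not taken from any real drive or malware sample.
SAMPLE = r"""
; comment line
[AutoRun]
Open=setup.exe /s
Icon=setup.exe,0
Label=Install Disc
shell\browse=Browse files
shell\browse\command=tools\viewer.exe
random padding line without an equals sign
[Content]
MusicFiles=false
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section.

    Section and key names are case-insensitive. Lines that are not
    key=value pairs are skipped rather than treated as errors, because
    files found on removable media are often padded with junk.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def audit(text):
    """Classify each [autorun] entry as 'execute', 'menu', 'display' or 'other'."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or SHELL_COMMAND.match(key):
            kind = "execute"
        elif key.startswith("shell"):
            kind = "menu"
        elif key in DISPLAY_KEYS:
            kind = "display"
        else:
            kind = "other"
        findings.append((kind, key, value))
    return findings


def launch_targets(text):
    """Command lines the file asks the shell to run, for triage or blocking."""
    return [value for kind, _, value in audit(text) if kind == "execute"]


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
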
