Panda Security Forum

[Bone]

Dear all,

The Microsoft Windows Operating Systems use the AUTORUN.INF file from removable drives in order to know which actions to perform when a new external storage device, such as a USB drive or CD/DVD, is inserted into the PC. The AUTORUN.INF file is a configuration file that is normally located in the root directory of removable media and contains, among other things, a reference to the icon that will be shown associated to the removable drive or volume, a description of its content and also the possibility to define a program which should be executed automatically when the unit is mounted.

The problem is that this feature, widely critizised by the security community, is used by malware in order to spread by infecting as soon as a new drive is inserted into a computer. The malware achieves this by copying a malicious executable in the drive and modifying the AUTORUN.INF file so that Windows opens the malicious file silently as soon as the drive is mounted. The most recent examples of this are the W32/Sality, W32/Virutas and also the W32/Conficker worm which, in addition to spreading via a vulnerability and network shares, also spreads via USB drives.

Due to the large amount of malware-related problems associated with Microsoft AutoRun we have created a free utility for our user community called Panda USB Vaccine. Nowadays, everyone uses devices like USB sticks to store work-related documents, media players to listen to music, etc. Malware creators are aware of this and create numerous malicious files that spread through these devices.

This free new tool is designed to block malware that spreads through different types of removable drives (USB memory sticks, CDs/DVDs, MP3 players, digital cameras, etc.). Panda USB Vaccine provides a double vaccine, one for the PC and one for individual memory sticks.

To read more about this tool and locate the download, please visit http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx

Regards,

The Panda Security Team.