Zero Day

Ryan Naraine and Dancho Danchev

AutoRun malware infections declining

By Dancho Danchev | June 15, 2011, 4:58am PDT

Summary: Microsoft is observing a 59% decline of AutoRun malware infections on XP, followed by 74% on Vista.

Following February’s update issued by Microsoft limiting the propagation of AutoRun-based malware on Windows XP, the company has just reported that the move is working and that Microsoft is observing a significant decline in the propagation of AutoRun-based malware.

More specifically, the company is observing a 59% decline on XP, followed by 74% on Vista in comparison to the 2010 infection rates:

62 percent decrease on Windows XP SP 3
68 percent decrease on Windows Vista SP 1
82 percent decrease on Windows Vista SP 2

Millions of users continue using pirated Windows copies, preventing them from obtaining the latest Windows Updates, thereby exposing themselves to malware attacks.

Why do you think users continue using pirated copies of Microsoft’s products, thereby exposing themselves to security risks? Does software piracy really lead to higher malware infection rates?

What do you think?

Talkback.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

MS Patch Tuesday: Gaping holes haunt Internet Explorer browser

LulzSec, Anonymous and hacktivism: Crappy security has caught up with us

Topics

Infection, Microsoft Windows XP, Microsoft Windows Vista, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Talkback Most Recent of 13 Talkback(s)

Follow via:: RSS; Email Alert

6 years later

the first malicious autorun showed up in 2005, i believe. it took until 2011 for microsoft to properly fix their mistake?
bad design decision-makers at microsoft that feign naivety about the significance of security vs. functionality trade-offs are more a danger than pirated systems.

i thought that msft is more "open" about keeping pirated systems clean. aren't security patches still downloadable on pirated microsoft windows installations?
TF_kj
15th Jun
- Reply to
- Flag
RE: AutoRun malware infections declining

@TF_kj Just because it's downloadable on pirated windows (XP through autoupdate) doesn't mean people actually will turn on Autoupdate. I have seen many priated XP in China didn't turn on AU. I bet you most infected population are in China.

For the rest of the world, if you don't turn on AU and got infected, you only have yourself to blame.
Samic
15th Jun
- Reply to
- Flag
The bulk of XP users are still in China

@Samic That 48% of Windows XP users that Windows 7 is finding so hard to decline is located in China. They are afraid of upgrading because WGA. Personally, Microsoft doesn't need to cater to these individuals since they never bought the software in the first place. Regardless Microsoft offers significant discount in pricing in developing countries such as China and India, persons still turn to pirated software. The way I look at it, its a lost case, if they want to use it, its their business, if their PC's get infected, its their business.
Mr. Dee
15th Jun
- Flag
Dodgy vs Legit OS installs.

When I was younger and poorer the cost was prohibitive and seemed extortionate. Now I see the OEM price of around $100 AUD as being reasonable and affordable. As a part time system builder, I almost always buy an oem copy when buying a system's worth of components, even if the customer doesn't want it for themselves. I generally have a few Win7 oems lying around now, waiting to be used. I only persist with an old dodgy copy of XP Pro for my home theatre box because for some reason Win7 and my projector don't quite get along - the projected desktop is smaller than it should be. Its a pity because Win7 is awesome and I have spare licences I could use!

For me, moving from dodgy to legit OSes was part of growing up and feeling more appreciation for the work that goes into software. The fact that Bill Gates never showed up with a SWAT team suggests to me that he remembers being a kid once too. Or maybe I am on the next page of his list? Hmmm.
John in Brisbane
15th Jun
- Reply to
- Flag
Pirates intelligence

@John in Brisbane
I have to concur with Samic that the average WinXP Pirate is NOT going to allow their computer to "phone home" to Microsoft for security updates. Personally I consider software piracy to be a criminal activity and that criminals are by and large not highly intelligent.

http://smiley.pmaco.com/journal/201103/IIQindex_February_update_SJ110301_.html

Dancho, my answer to your question is "Yes", sort of. Piracy does lead to higher malware infection rates because it leaves more infectable systems for the script kiddies to access, but the pirates are a subset of the REAL culprits which are sloppy, inattentive computer users.

Smiley
smiley97111
15th Jun
- Reply to
- Flag
Microsoft AND Anti-Virus companies

Drive-by infections have always been one of the biggest problems in any OS. You don't open an unknown program exe or do anything any cautious user wouldn't do, yet they can wreck your OS, programs and data.

It is very good news that most of these are now being tackled by Microsoft AND the Anti-Virus companies. Please remember that it is largely prompt action by the AV companies that stop the majority of Autorun attacks. If it wasn't for the AV companies many more of these would get through by the time Microsoft (eventually!) gets round to patching their OS!
chaz15
15th Jun
- Reply to
- Flag
RE: AutoRun malware infections declining

Software piracy used to more in India as well. That happens when you buy a PC and don't want to have the OS pre-installed with it. Most people try to install pirated copies of the OS and other software . Now with more and more people buying notebooks from vendors, they have genuine software. The piracy rate is decreasing in India for sure.
saijagan
15th Jun
- Reply to
- Flag
Depends on the pirate's intelligence

I have seen several computers (one of them being myne ), at the university I go to, that are running pirated versions of Windows Vista/Se7en ultimate and yet they are gaining all the benefits just like the genuine one.

It all falls back to their intelligence with computers. Unfortunately, majority of pirates are simply noobish chitas/followers, which is why the statement " Software piracy leads to higher infection rates" holds true
MrElectrifyer
15th Jun
- Reply to
- Flag
RE: AutoRun malware infections declining

the present day net books reduce this as well they have got a pre-installed os in them.But still some vendors are providing a pirated version in the notebooks to naive users
SampathKanike
19th Jun
- Reply to
- Flag
RE: AutoRun malware infections declining

MS should alwasy prompt the user with a message that says, "Hey, do you want this program to always startup every time you start your computer? The reason why we ask is becasue if this program is not a system utility, it is most likely a virus...."

In the mean time, can someone explain the logic of why Itunes install services on Windows? Do they have some kind of an ego problem?
TheSaint777
20th Jun
- Reply to
- Flag
The question was WHY DO PEOPLE USE PRIATED WINDOWS

For many, the answer is simply because they can. Those people would not pay for the Win OS no matter how cheap it was.

For many others, coughing up $150 - $200 for a retail box of Windows is not a realistic option, (especially when OEMs and Third World hackers are offered licenses for pennies on the dollars.

Finally, lots of people have OEM PCs and didn't get (or lost) their install disks. They have a sticker on the case, but the key doesn't work with the borrowed install CD they have, so they search the internet and get a pirated install KEY that will work with the disk they did scratch up. Often they had Home Edition and could only come up with a Pro install disk, so no updates for them! Yes, I have seen this multiple times. M$ creates a lot of headaches with the different versions not installing off the same disk. Often, when downloading an install CD iso, they can find upgraded versions with pirated keys available side by side. Since M$ already drove them to the internet, they figure, "Why not?"

Those are some of the reasons people continue to pirate Windows.
michaellashinsky@...
21st Jun
- Reply to
- Flag
RE: AutoRun malware infections declining

Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
MEJIAHA
30th Sep
- Reply to
- Flag
RE: AutoRun malware infections declining

Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
FAULKNE
13th Oct
- Reply to
- Flag