Report: AutoRun malware infections continue topping the charts


Despite Microsoft's response to the rise of AutoRun malware infections in February 2011, ESET's recently released telemetry data for 2012 shows the infection vector topping their chart for a second year in a row.

What seems to be the problem?

It's called software piracy, which has the capacity to lead to the successful compromise of a host, thanks to the outdated third-party software and operating system that it's running, as well as the often backdoored software cracks/key generators distributed to gullible users.

In 2009, the Business Software Alliance (BSA) released a report connecting the high malware infection rates of several countries to the piracy rates of those same countries. In a blog post back then, Symantec also speculated that "The lack of patching due to piracy may be a contributory factor to high infection rates in those countries."

Does software piracy automatically translate into a successful malware infection on the host in question? It can greatly contribute to such an event, considering that millions of Internet-connected users in developing countries are currently online using pirated versions of Microsoft's Windows OS, which prevents them from obtaining the latest security patches, including the one that prevents abuse of the AutoRun feature.

When speculating on the logical connection between software piracy and malware infection rates, it's worth emphasizing that, on a large scale, cybercriminals tend to exploit browser and browser-plugin-specific flaws rather than build an inventory of client-side exploits targeting popular third-party software and OS-specific flaws. At least that's what I've been observing over the past couple of years, an observation which naturally excludes targeted attacks/cyber espionage campaigns which can utilize these.

With this in mind, it shouldn't be surprising that AutoRun infections continue topping ESET's charts years after Microsoft took care of the problem, and even reported a decline in this type of infection thanks to their response to the issue. It's basically users running a pirated/outdated version of their Windows OS.

What do you think? If not software piracy, what's still contributing to the existence of AutoRun infections, years after Microsoft (supposedly) fixed the problem?


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

12 comments
  • 5 years

    A 5 year old story.
    MoeFugger
    • Re: 5 years

      "A 5 years old problem" to be more precise.
      ddanchev
  • Software Piracy

    "It's called software piracy, which has the capacity to lead to the successful compromise of a host, thanks to the outdated third-party software and operating system that it's running"

    No type of software, be it Antivirus, Firewall, App Whitelisting, newest OS, latest patches, can defend against unknown malware which is included in pirated software.
    Martmarty
  • They missed a spot

    When Microsoft released an update to modify AutoRun behavior on WinXP/Vista to be consistent with Win7's behavior, they didn't address all possible AutoRun vectors, such as CDs or DVDs. Since there's malware that _does_ infect the files waiting to be burned to disc (e.g. the W32.Mabezat, W32.HLLW.Infex, and W32.Serflog families), among other risks, I'd suggest fully disabling all AutoRun functionality in one of two ways:

    1. by Group Policy. Drill down to Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies and go to town.

    2. using Microsoft's Fix-It found in their Knowledge Base article 967715.

    You lose a little ease of use, but it's the lesser of two evils IMO.
    mechBgon
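
An audit of the policy value that the Group Policy setting and the KB 967715 Fix-It write, as an added example that is not part of the original comment or of Microsoft's tooling. The registry path and drive-type bits are the ones Microsoft documents for `NoDriveTypeAutoRun`; the function names are hypothetical.

```powershell
# Added example: report which drive types still have AutoRun enabled by policy.
# Drive-type bits as documented by Microsoft for NoDriveTypeAutoRun (0xFF = all disabled).
$DriveTypeBits = [ordered]@{
    'Unknown type'      = 0x01
    'No root directory' = 0x02
    'Removable'         = 0x04
    'Fixed disk'        = 0x08
    'Network'           = 0x10
    'CD/DVD'            = 0x20
    'RAM disk'          = 0x40
    'Reserved'          = 0x80
}
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunPolicy {
    # Check HKLM first: when the value exists there, the HKCU value is ignored.
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$PolicyPath" `
                    -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Hive = $hive; Value = [int]$item.NoDriveTypeAutoRun }
        }
    }
    return $null   # not configured: the OS default applies
}

function Get-AutoRunGaps {
    param([int]$Mask)
    # A clear bit means AutoRun is still allowed for that drive type.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output 'NoDriveTypeAutoRun is not set; AutoRun follows the OS default.'
} elseif (($policy.Value -band 0xFF) -eq 0xFF) {
    Write-Output ('AutoRun disabled for all drive types (0x{0:X2} in {1}).' -f $policy.Value, $policy.Hive)
} else {
    $gaps = @(Get-AutoRunGaps -Mask $policy.Value)
    Write-Output ('0x{0:X2} in {1} leaves AutoRun enabled for: {2}' -f $policy.Value, $policy.Hive, ($gaps -join ', '))
}
```

A result that lists `CD/DVD` among the gaps is the case the comment describes: the optical-disc vector is still open by policy even if removable drives are covered.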
  • Piracy vs security

    I think this is an interesting topic, even though it is an old one! For those who cannot afford to buy the legal operating system, the issue is, "Is stealing right? And when you do, how are you going to get the security that your machine needs?"

    For those who are just used to waiting and running the pirated copies, perhaps this is the time you should learn how to shake out from this sad habit.
    Wonder.man
    • There are other options for Much better security instead of using Windows...

      that people have like installing any of the Free Linux Distributions like Ubuntu, Kubuntu, Linux Mint and several others. There is also my favorite Unix-like operating system which is also FREE: PC-BSD. :-)
      sg1efc
      • and...

        this reply system Really needs to give posters the ability to Edit their comments for typos, LoL. :-)
        sg1efc
  • Mac and Linux users are not affected

    Only Winblows users are...well, as usual, nothing new
    shellcodes_coder
    • Patched Windows users are not affected.

      Being that this article is about pirated versions of Windows without the latest security updates - it appears as if users with the latest patches are unaffected.

      It's also possible that Vista/7/8 users are also unaffected, as most of the AutoRun issues were back in the XP days.
      CobraA1
  • Mac Linux users are not affected?

    OS X has its own version of autorun with the Safari option "Open 'safe' files after downloading". This option, enabled by default, was an important factor in recent malware infections on OS X. Best to disable this option on OS X.

    You're right about GNU/Linux, though. And had you mentioned BSD, you'd have been right about that too.
    Rabid Howler Monkey
    • :-)

      "And had you mentioned BSD, you'd have been right about that too."

      BSD = yay! :-) Love my PC-BSD. :-)
      sg1efc
  • It's not piracy, it's the mindset

    Many, many users don't patch even with licensed Windows because they use outdated hardware and letting the auto-updater run sometimes slows down their machines big time. Setting it to only notify about updates doesn't help either because many users don't know what that really means and they are afraid of "breaking the computer" (of course they have no such fears clicking on lame ass infected links that come on Yahoo/Facebook/mail).
    Typically the above types do their work on the above computers and they "don't have the time" to listen to the IT guys because "they have to actually work"...

    Also, even on pirated Windoze you will get the security patches - if you know what you are doing, you can run a fully patched XP in no time (7 seems even easier...).
    So the issue is not really the pirated nature of the OS, it's the complacency of the users (they disable the auto update on pirated Windows instead of going through the updates and "weed out" the WGA related stuff and keep the goodies).

    PS. I personally run Windows only in a virtual machine (with valid license too) and I don't advocate the use of unlicensed software in any way.
    gradinaruvasile