Despite Microsoft's response to the rise of AutoRun malware infections in February 2011, ESET's recently released telemetry data for 2012 shows the infection vector topping their chart for a second year in a row.
What seems to be the problem?
It's called software piracy, which has the capacity to lead to the successful compromise of a host, thanks to the outdated third-party software and operating system that it's running, as well as the often backdoored software cracks/key generators distributed to gullible users.
In 2009, the Business Software Alliance (BSA) released a report connecting the high malware infection rates of several countries to the piracy rates of those same countries. In a blog post back then, Symantec also speculated that "The lack of patching due to piracy may be a contributory factor to high infection rates in those countries."
Does software piracy automatically translate into a successful malware infection on the host in question? It can greatly contribute to such an event, considering that millions of Internet-connected users within developing countries are currently online using pirated versions of Microsoft's Windows OS, which prevents them from obtaining the latest security patches, including the one that prevents abuse of the AutoRun feature.
When speculating on the logical connection between software piracy and malware infection rates, it's worth emphasizing the fact that, on a large scale, cybercriminals tend to exploit browser- and browser-plugin-specific flaws, rather than actually building an inventory of client-side exploits targeting popular third-party software and OS-specific flaws. At least that's what I've been observing over the past couple of years, an observation which naturally excludes targeted attacks/cyber espionage campaigns which can utilize these.
With this in mind, it shouldn't be surprising that AutoRun infections continue topping ESET's charts, years after Microsoft took care of the problem, and even reported a decline in this type of infection thanks to their response to the issue. It's basically users running a pirated/outdated version of their Windows OS.
What do you think? If not software piracy, what's still contributing to the existence of AutoRun infections, years after Microsoft (supposedly) fixed the problem?
Find out more about Dancho Danchev at his LinkedIn profile.