Malware writers step up AutoRun attacks

Anti-virus firm Avast Software has warned of a growing risk to enterprise systems from infected USB devices targeting the AutoRun feature in Windows.

The company said that one in eight of the 700,000 attacks recorded by the firm's CommunityIQ system came from USB devices.

"The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, which were also spread via infected memory sticks," said Avast Virus Lab analyst Jan Sirmer.

"Cyber criminals are taking advantage of people's natural inclination to share with their friends, and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario."

Once infected with a generic USB worm, detected by Avast as 'INF:AutoRun-gen2 [Wrm]', an executable file is started which then allows a wide variety of malware to copy itself into the core of Windows. The malware then replicates each time the computer is started.

Many people decide not to scan their systems for potential infections because a full scan can take up to an hour for a 1TB device, explained Sirmer.

"This danger is poised to increase with the introduction of the new USB 3 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways to obfuscate their work," he said.

"Once, I found 'y0u c4nt st0p us' in the middle of some code. They know they are in the lead."