Jump to content

Categories:    Windows      Software      Hardware      Security      Mobile      Internet      Guides
Sponsored Links
Recent Forum Topics
Community Zone
MSFN Guides
Mobile News

MSFN Recommend
AskVG.com Bink Filehorse FreewareFiles Where unprofessional journalism looks better OSNN The Windows Club WinBeta lunarsoft
MSFN Statistics

Windows News
Autorun-abusing malware (Where are they now?)
Posted on Jun 15 2011 01:21 AM by xper in Security

On Feb. 8, Microsoft started releasing updates for the Windows XP and Vista platforms to make the Autorun feature more locked-down on those older platforms by preventing AutoPlay from being enabled automatically (except when it comes to "shiny media" such as CDs and DVDs). We knew we would want to come back sometime later to measure how the update changed the rate of infection for these families. That time is now. Let's have a look.

As reported in volume 10 of the Microsoft Security Intelligence Report and in a previous post, malware using a technique to abuse a feature of Windows called Autorun grew in prevalence in 2010. If you examine the top families, you'll spot the top offenders: Taterf, Rimecud, Conficker, and Autorun (a "family" that we detect with generic signatures based on Autorun propagation behaviors).

The following chart, based on the data in the SIRv10 report, shows their changes quarter over quarter in 2010. This chart shows the total number of detections reported by computers running any MMPC product, so it includes malware that was detected and blocked (no infection) and also those found by the Microsoft Malicious Software Removal Tool (MSRT) for removal. (In other words, these are counts for computers reporting detections, not infections.)

Attached Image: BID573-autorunupdate-chart1.png

Then something expected happened. The infection rates for Windows XP and Vista went down -- pretty significantly, in fact. By May of 2011, the number of infections found by the MSRT per scanned computer was reduced by 59% on XP and by 74% on Vista in comparison to the 2010 infection rates. Specific service packs show even greater declines between the month prior to the update (Jan. 2011) and last month (May 2011).

The chart below illustrates how Windows XP SP 3 and Windows Vista SP 1 & 2 changed dramatically. Windows 7 shows little change (it already had the updated Autorun feature), and neither did Windows XP SP 2 (it's out of support, so it didn't get the update).

Attached Image: BID573-autorunupdate-chart2.png

More @ Microsoft Malware Protection Center Blog

Your Comment?