Security companies recommend that users patch their systems and disable AutoRun

Dec 3, 2012 09:45 GMT
Security company Trend Micro claims the infection rate has increased significantly in recent weeks

A new form of malware is trying to exploit a four-year-old Windows AutoRun bug on unpatched Windows workstations, including Windows 7 and the new Windows 8 operating system.

Security companies warn that more and more computer users are getting infected with this malware, even though the latest Windows iterations come with dedicated patches that block the launch of Autorun.inf files.

The infection is reportedly triggered whenever the user inserts a USB drive or any other portable storage media into their computer. In some cases, the infection also spreads through the network once the user clicks the infected file.

Security company Sophos warned that this virus, which sometimes also tries to spread infected files via Facebook, creates executable files on the target media with names that hint at adult content, in an attempt to convince users to launch them.

Once it infects the computer, the malware connects to a command-and-control server and waits for additional instructions, which could include downloading other programs such as Trojans and malicious software used for stealing bank account data.

“It appears to be a cocktail of clever social engineering, poor default settings and user carelessness,” Chester Wisniewski of Sophos said. “You would hope this technique wouldn't be too effective on today's PCs, though. While the basic components of this malware have been around for some time, it has become considerably more aggressive in its latest iteration.”

Users are strongly advised to update their anti-virus software and to disable Windows AutoRun, just to be on the safe side. The main component of the malware is W32/VBNA-X, with other variants including W32/VBNA-U, W32/VBNA-Z, W32/VBNA-AA and W32/VBNA-AB.

“Ensure Autorun is totally disabled on all Windows operating systems” and “block all outbound connections to unknown ports and services on your gateway and client firewalls,” Sophos recommends.
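
One way to check the first of those recommendations on a Windows host, as an added example that is not from Sophos or the original article: it decodes the `NoDriveTypeAutoRun` policy bitmask and lists the drive types for which AutoRun is still allowed. The registry path and bit values are the documented Windows policy settings; the function names and the sample masks are constructed for illustration.

```python
import sys

# Documented policy location and value name (HKEY_LOCAL_MACHINE hive).
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# Each set bit disables AutoRun for one drive type; 0xFF disables all of them.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown (reserved)",
}


def read_policy():
    """Return the machine-wide mask, or None if unset or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            value, _type = winreg.QueryValueEx(key, VALUE_NAME)
            return int(value)
    except FileNotFoundError:
        return None


def audit(mask):
    """Report which drive types the policy mask leaves AutoRun enabled for."""
    # No value set: this policy disables nothing and the OS default applies.
    effective = 0 if mask is None else mask & 0xFF
    enabled = [name for bit, name in DRIVE_BITS.items() if not effective & bit]
    return {"configured": mask is not None,
            "fully_disabled": not enabled,
            "enabled_for": enabled}


if __name__ == "__main__":
    # The two numeric masks are constructed samples, not values from the article.
    samples = {"live policy": read_policy(), "sample 0x91": 0x91, "sample 0xFF": 0xFF}
    for label, mask in samples.items():
        print(label, audit(mask))
```

A mask of `0xFF` is the "totally disabled" state; a partial mask such as `0x91` still leaves removable drives, the infection path described above, on the enabled list.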