Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Malware & Threats

Autorun-Based Threats Caused 12% of Malware Infections in Q1 2012, Says Bitdefender

USB-based Threats Persist Despite Years of Software Updates

USB-based Threats Persist Despite Years of Software Updates

According to numbers coming from Internet security firm Bitdefender, Autorun-based threats, which typically spread via infected USB sticks, were responsible for 12 percent of global infections in the first quarter of 2012. Despite the fact that the Autorun feature was eliminated from operating systems in Windows Vista SP1 in 2008, worms that take advantage of the feature continue to infect systems worldwide.

“The magnitude of this threat — so many years after it should have disappeared — is astonishing,” said Catalin Cosoi, chief security researcher, Bitdefender. “Some of the heavy-hitters of the virus world, such as Downadup and Stuxnet, spread this way — prevention should be a simple matter.”

The mass introduction of USB storage devices and the apparition of the Autorun feature in Windows have been widely exploited since the early 2000s. Within five years, Autorun worms reached epidemic proportions autorun-based threats have dominated the malware landscape report since.

“You never know for certain where a USB stick may have been. It is worth making a habit of checking your portable drives,” said Adina Jipa, product marketing manager at Bitdefender USB.

In order to help address the threat, Bitdefender, has released a new version of its USB Immunizer, which helps protect against autorun-related threats.

Bitdefender OfficeIn addition to announcing the tool, the Bucharest, Romania-based firm shared 5 facts about Autorun-based malware:

1 – The Autorun.inf file is not malicious itself. It is used by some families of malware that copy themselves on USB sticks to force the computer to automatically execute them when an infected stick is plugged into a Windows-based PC.

Advertisement. Scroll to continue reading.

2 – Among the most important families of malware that use the Autorun exploitation to spread are Stuxnet, Downadup, Sality, Rimecud or OnlineGames.

3 – Autorun-based malware can copy itself on MP3/MP4 players, mobile phones, SD cards (such as those in digital cameras) and other devices. When plugged in other PCs, the malware is executed automatically.

4 – Since autorun.inf files are plain-text files that can be opened and analyzed, malware creators obfuscate their creations to make them unreadable by humans. However, this is also their weak point. This degree of obfuscation is uncommon in text files and triggers AV detection.

5 – Trojan.AutorunInf (a detection that intercepts rogue autorun.inf files) has been the number one source of infection for more than three years in a row. During this time, it has helped various malware families infect millions of computers worldwide.

Bitdefender USB Immunizer is available here.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...