Pedro Bustamante at 05 March 09 10:01
The Microsoft Windows Operating Systems use the AUTORUN.INF file from
removable drives in order to know which actions to perform when a new
external storage device, such as a USB drive or CD/DVD, is inserted
into the PC. The AUTORUN.INF file is a configuration file that is
normally located in the root directory of removable media and contains,
among other things, a reference to the icon that will be shown
associated to the removable drive or volume, a description of its
content and also the possibility to define a program which should be
executed automatically when the unit is mounted.
The problem is that this feature, widely criticized by the security
community, is used by malware in order to spread by infecting as soon
as a new drive is inserted in a computer. The malware achieves this by
copying a malicious executable in the drive and modifying the
AUTORUN.INF file so that Windows opens the malicious file silently as
soon as the drive is mounted. The most recent examples of this are the
W32/Sality, W32/Virutas and also the W32/Conficker worm which, in addition to spreading via a vulnerability and network shares, also spreads via USB drives.
Due to the large amount of malware-related problems associated with Microsoft AutoRuns we have created a free utility for our user community called Panda USB Vaccine.
The free Panda USB Vaccine
allows users to vaccinate their PCs in order to disable AutoRun
completely so that no program from any USB/CD/DVD drive (regardless of
whether they have been previously vaccinated or not) can auto-execute.
This is a really helpful feature as there is no user friendly and easy
way of completely disabling AutoRun on a Windows PC.
The free Panda USB Vaccine can be used on individual USB drives to
disable its AUTORUN.INF file in order to prevent malware infections
from spreading automatically. When applied on a USB drive, the vaccine
permanently blocks an innocuous AUTORUN.INF file, preventing it from
being read, created, deleted or modified. Once applied it effectively
disables Windows from automatically executing any malicious file that
might be stored in that particular USB drive. The drive can otherwise
be used normally and files (even malware) copied to/from it, but they
will be prevented from opening automatically. Panda USB Vaccine
currently only works on FAT & FAT32 USB drives. Also keep in mind
that USB drives that have been vaccinated cannot be reversed.
Panda USB Vaccine is a 100% free utility. We’ve tested it under
Windows 2000 SP4, Windows XP SP1-SP3, and Windows Vista SP0 and SP1.