<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Blog Central &#187; AutoRun malware</title>
	<atom:link href="http://blogs.mcafee.com/tag/autorun-malware/feed" rel="self" type="application/rss+xml" />
	<link>http://blogs.mcafee.com</link>
	<description></description>
	<lastBuildDate>Tue, 21 May 2013 20:15:16 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<item>
		<title>W32/Autorun Worm: A Nasty Bug for Your Computer</title>
		<link>http://blogs.mcafee.com/consumer-threat-notices/w32autorun-worm-a-nasty-bug-for-your-computer</link>
		<comments>http://blogs.mcafee.com/consumer-threat-notices/w32autorun-worm-a-nasty-bug-for-your-computer#comments</comments>
		<pubDate>Thu, 13 Dec 2012 17:58:43 +0000</pubDate>
		<dc:creator>Gary Davis</dc:creator>
				<category><![CDATA[Consumer Threat Notices]]></category>
		<category><![CDATA[AutoRun malware]]></category>
		<category><![CDATA[USB drives]]></category>
		<category><![CDATA[windows]]></category>
		<category><![CDATA[Worms]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=20675</guid>
		<description><![CDATA[What do you think of when you hear the word “malware”? Most people think of the general term “virus”–something that a hacker puts on your computer that disrupts activity or steals information. In reality, malware (malicious software) can encompass a variety of different hacker tools, and true viruses are just one in a long list <a href="http://blogs.mcafee.com/consumer-threat-notices/w32autorun-worm-a-nasty-bug-for-your-computer">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>What do you think of when you hear the word “malware”? Most people think of the general term “virus”–something that a hacker puts on your computer that disrupts activity or steals information. In reality, malware (malicious software) can encompass a variety of different hacker tools, and <a href="http://en.wikipedia.org/wiki/Computer_virus">true viruses</a> are just one in a long list that includes <a href="http://en.wikipedia.org/wiki/Trojan_horse_(computing)">Trojan horses</a>, <a href="http://en.wikipedia.org/wiki/Spyware">spyware</a>, and today’s topic: the <a href="http://en.wikipedia.org/wiki/Computer_worm">computer worm</a>.</p>
<p>Recently, a highly infectious computer worm coined W32/Autorun was discovered infecting Windows computers. What makes a worm like W32/Autorun unique is that unlike a true virus, a worm doesn’t actually steal something from your computer. Instead, it’s designed to spread rapidly and open as many security holes as possible–ultimately allowing hackers to download a different form of malware (possibly a virus or a Trojan that targets your financial records) that will steal information, money, or both.</p>
<p><strong>How the Worm Spreads</strong></p>
<p>The W32/Autorun worm spreads through physical contact. In your computer’s case, this means connecting an infected flash drive, logging into a shared Internet connection, or plugging into a shared external hard drive. Once the worm infects a new computer through a shared connection or device, it replicates itself multiple times and looks for more ways to spread.</p>
<p><strong>There are 2 key ways that W32/Autorun gets past your computer’s defenses: </strong></p>
<p><strong>1.    </strong><strong>Windows AutoRun: An Automatic In</strong></p>
<p>W32/Autorun takes advantage of Microsoft’s AutoRun feature. While this feature was not included in Windows 8 for exactly this kind of security reason, it still exists on many older machines that haven’t been updated in a while. When you plug a device into an older Windows computer that does have AutoRun, a dialog box pops up asking if you want to automatically run whatever is on the device. As you can imagine, this capability is a huge risk from a security perspective. Unsuspecting users click “run” only to find that they’ve authorized the W32/Autorun worm.</p>
<p><strong>2.    </strong><strong>Fake Folders Lure Victims In</strong></p>
<p>For users who don’t have AutoRun enabled, like those using Windows 8, W32/Autorun disguises itself as interesting files and folders to trick you into downloading the worm. For example, W32/Autorun often creates imposter files with names like “porn” and “sexy” in infected flash drives or shared Internet connections to lure potential clicks. Once you click on the file to open it, it’s exactly like prompting AutoRun–the file is executed, and your computer is infected.</p>
<p>To ensure full impact, the worm can also change your computer’s settings to allow it to run every time you boot up. Some variants of the worm even disable Windows updates to prevent the system from downloading security patches. This process ensures that the worm can do its job: infect every device your computer comes into contact with and open the door for any virus a hacker wants to install at your expense.</p>
<p><strong>How to Prevent a W32/Autorun Infection</strong></p>
<p><strong>1.    </strong><strong>Disable AutoRun</strong></p>
<p>If your computer is still prompting you to automatically run applications whenever you insert a CD, log into a new Internet connection, or plug in a flash drive, update your computer as soon as possible. Visit the <a href="http://support.microsoft.com/kb/967715">Microsoft website</a> to learn how to disable AutoRun for your specific version of Windows. To disable AutoRun independently of software updates, the easiest way is to download a free utility like <a href="http://www.disableautorun.com/">Disable AutoRun</a>.</p>
<p><strong>2.    </strong><strong>Beware of Shared Removable Devices</strong></p>
<p>Remember: this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive can carry the worm back to your computer. If you do need to share a device, make sure AutoRun is disabled when you plug it back in, and check that your <a href="http://home.mcafee.com/store/all-access-security">security protection</a> has the capability to scan new drives to prevent you from clicking on infected files.</p>
<p><strong>Reliable Anti-Virus: What to Do When You’re Already Infected</strong></p>
<p>While my first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer.  Solutions like <a href="http://home.mcafee.com/store/all-access-security">McAfee All Access</a> will catch the W32/Autorun worm bug and others like it, preventing you from accidentally spreading it to friends and family. If you already have a McAfee solution installed, <a href="http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1607456#none">visit our website</a> for details on how to download the latest fix for the W32/Autorun worm.</p>
<p>For more on this topic and other emerging security threats, follow us on Twitter at <a href="http://www.twitter.com/McAfeeConsumer">@McAfeeConsumer</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/consumer-threat-notices/w32autorun-worm-a-nasty-bug-for-your-computer/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>&#8216;Dead Drop&#8217; File Sharing Invokes Spy Novels, Drug Deals</title>
		<link>http://blogs.mcafee.com/mcafee-labs/dead-drop-file-sharing-invokes-spy-novels-drug-deals</link>
		<comments>http://blogs.mcafee.com/mcafee-labs/dead-drop-file-sharing-invokes-spy-novels-drug-deals#comments</comments>
		<pubDate>Mon, 18 Apr 2011 16:14:24 +0000</pubDate>
		<dc:creator>Francois Paget</dc:creator>
				<category><![CDATA[McAfee Labs]]></category>
		<category><![CDATA[AutoRun malware]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Peer to Peer file sharing]]></category>
		<category><![CDATA[USB drives]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=8712</guid>
		<description><![CDATA[Yesterday in Toulouse, France, I was invited by CLUSIR-MP (the information systems security group for the Midi-Pyrenees region) to speak at its annual cybercrime overview conference. I spoke about the new faces of hacktivism. During the question and response session, someone in the audience asked the speakers about the &#8220;dead drop&#8221; or dead-letter-box phenomenon. A <a href="http://blogs.mcafee.com/mcafee-labs/dead-drop-file-sharing-invokes-spy-novels-drug-deals">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>Yesterday in Toulouse, France, I was invited by CLUSIR-MP (the information systems security group for the Midi-Pyrenees region) to speak at its annual cybercrime overview conference. I spoke about the new faces of hacktivism. During the question and response session, someone in the audience asked the speakers about the &#8220;dead drop&#8221; or dead-letter-box phenomenon. A panelist from the police force compared this situation to the secret places used by drug dealers to swap drugs and money&#8211;using a hiding place behind a removable stone in some old walls, for example. But most of us were skeptical and asked the questioner for more details. He explained that he had discovered a USB key set in the cement on the street near his front door.</p>
<p><img src="http://vil.nai.com/images/FP_BLOG_110415_1.jpg" alt="" /></p>
<p>Searching online, I rapidly found <a href="http://deaddrops.com">deaddrops.com.</a> This site explains that the dead-drop project is an anonymous, offline, peer-to-peer file-sharing network in public spaces. The media are USB flash drives, embedded into walls, buildings, and curbs accessible to anybody to drop or find files on the drive. Each participant just has to plug in a laptop and share files and data.</p>
<p>A <a href="http://deaddrops.com/dead-drops/db-map/">world map</a> and a database list 385 USB keys around the world, representing total storage of 1,140 GB. According to the map, Europe <a href="http://deaddrops.com/stats/">(with Germany and France in the lead)</a> is better covered than the United States.</p>
<p><img src="http://vil.nai.com/images/FP_BLOG_110415_2.jpg" alt="" /></p>
<p>The following four pictures were taken in Paris:</p>
<p><img src="http://vil.nai.com/images/FP_BLOG_110415_3.jpg" alt="" /></p>
<p>I have to say I find this initiative funny. I am curious to know what kind of data we can find on these keys: malicious code? music and video (from legal or illegal downloads)? All sorts of pictures? I will visit some of these keys soon and will keep you informed if my catch is fruitful.</p>
<p>Malicious code for USB flash drives is a problem in general, and the danger that these keys might be misused is clearly mentioned in the FAQ associated with this project. The curious, occasional, or frequent users of these keys will have to be vigilant. If you must use these sharing &#8220;sites,&#8221; it&#8217;s best to connect with a virtual machine or computer dedicated to this activity&#8211;one without any confidential or precious data.</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/mcafee-labs/dead-drop-file-sharing-invokes-spy-novels-drug-deals/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
