There is a vast amount of malcode out there that uses the autorun function to install itself, and that group includes Conficker. We found over 900 variants listed on one of our fellow AV vendors’ sites and over 1,000 listed on another.
Microsoft’s site shows a graph of its monthly detections of AutoRun malware in the last year and a half. It looks like the outline of a dragon. The end of its tail is on the ground (near zero) from July of 2007 to January of 2008, and the top of its head, from November of 2008 to March, 2009, is at 225,000 detections per month.
The company has announced that it will disable the AutoRun function in AutoPlay for USB drives in Windows 7 and back port the change to supported Windows versions. AutoPlay will still work for CDs and DVDs, however.
When the malcode writers started using the autorun.inf file on USB drives several years ago, it was like Déjà vu all over again. Remember the days when you could infect your “home” computer by starting it up with a “floppy” disk in the drive? Well, floppies and discs fell by the wayside along the years with the expanded use of CDs and DVDs, but the dragon came back to bite us in the USB drive.