W32/Autorun Worm: A Nasty Bug for Your Computer

By on

What do you think of when you hear the word “malware”? Most people think of the general term “virus”–something that a hacker puts on your computer that disrupts activity or steals information. In reality, malware (malicious software) can encompass a variety of different hacker tools, and true viruses are just one in a long list that includes Trojan horses, spyware, and today’s topic: the computer worm.

Recently, a highly infectious computer worm coined W32/Autorun was discovered infecting Windows computers. What makes a worm like W32/Autorun unique is that unlike a true virus, a worm doesn’t actually steal something from your computer. Instead, it’s designed to spread rapidly and open as many security holes as possible–ultimately allowing hackers to download a different form of malware (possibly a virus or a Trojan that targets your financial records) that will steal information, money, or both.

How the Worm Spreads

The W32/Autorun worm spreads through physical contact. In your computer’s case, this means connecting an infected flash drive, logging into a shared Internet connection, or plugging into a shared external hard drive. Once the worm infects a new computer through a shared connection or device, it replicates itself multiple times and looks for more ways to spread. 

There are 2 key ways that W32/Autorun gets past your computer’s defenses:

1.    Windows AutoRun: An Automatic In

W32/AutoRun takes advantage of Microsoft’s AutoRun feature. While this feature was not included in Windows 8 for security reasons just like this, it still exists on many older machines that haven’t been updated in a while.  When you plug a device into an older Windows computer that does have AutoRun, a dialog box pops up asking if you want to automatically run whatever is on the device. As you can imagine, this capability is a huge risk from a security perspective. Unsuspecting users click “run” only to find that they’ve authorized the W32/Autorun worm.

2.    Fake Folders Lure Victims In

For users who don’t have AutoRun enabled, like those using Windows 8, W32/Autorun disguises itself as interesting files and folders to trick you into downloading the worm. For example, W32/Autofun often creates imposter files with names like “porn” and “sexy” in infected flash drives or shared Internet connections to lure potential clicks. Once you click on the file to open it, it’s exactly like prompting AutoRun–the file is executed, and your computer is infected.

To ensure full impact, the worm can also change your computer’s settings to allow it to run every time you boot up. Some variants of the worm even disable Windows updates to prevent the system from downloading security patches. This process ensures that the worm can do its job: infect every device your computer comes into contact with and open the door for any virus a hacker wants to install at your expense.

How to Prevent a W32/Autorun Infection

1.    Disable AutoRun

If your computer is still prompting you to automatically run applications whenever you insert a CD, log into a new Internet connection, or plug in a flash drive, update your computer as soon as possible. Visit the Microsoft website to learn how to disable AutoRun for your specific version of Windows. To disable AutoRun independently of software updates, the easiest way is to download a free utility like Disable AutoRun.

2.    Beware of Shared Removable Devices

Remember: this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive can carry the worm back to your computer. If you do need to share a device, make sure AutoRun is disabled when you plug it back in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.

Reliable Anti-Virus: What to Do When You’re Already Infected

While my first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer.  Solutions like McAfee All Access will catch the W32/Autorun worm bug and others like it, preventing you from accidentally spreading it to friends and family. If you already have a McAfee solution installed, visit our website for details on how to download the latest fix for the W32/Autorun worm.

For more on this topic and other emerging security threats, follow us on Twitter at @McAfee.

Categories: Consumer Threat Notices
Tags:

Leave a Comment

Similar articles

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk. From malware and phishing scams, to phony ...
Read Blog
McAfee’s Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total ...
Read Blog
Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a ...
Read Blog