One of the main reasons of rapid spreading of viruses is due to the presence of Autoplay in Windows. Autoplay feature was originally introduced to enhance user experience. An easy way for a virus to enters a PC is through exploiting this option. You can see Autoplay in action when a driver CD of you Motherboard or a Printer start its installation process as soon as you inserts it. Here let us look at how Autorun can be added to a drive (CD, USB, HSS etc..) and make it Windows open a program automatically when you puts it in or double clicks it.
Adding Autoplay to any drive is as easy as creating a text file and typing some commands into it. Have a look at the Autorun.inf file (this makes Windows run programs automatically from CDs) of the Microsoft Office 2007 CD.
The Right Click menu has been modified according to the entries in the autorun.inf file. The file need to be saved with the name Autorun.inf The bad part is that autoplay can be added to any drive. And a virus can create an autorun file in a USB drive inserted into an infected system. It then makes the autorun file such that not only does the autoplay option open an infected file but the Open and Explore commands in the right click menu will also do the same.
This is the Screen shot of an Autorun.inf file created by the virus Infostealer.Wowcraft.D virus
It will automatically install itself with out you ever knowing, if autoplay is enabled. You might have figured out how easy a virus can infect a Windows based system.
As they say prvention is better than cure. Here are some steps you can take to prevent infection of viruses due to Autoplay.
2. Always Open a CD or Pen Drive (USB stick) by using the pull down menu of your address bar. You can also type the drive letter followed by a “ : ” eg. D: in the address bar or Run box and press enter.
More about disabling autoplay will be posted in the next post.