If we needed any further reminders, new data has shown that malware which exploits the Windows Autorun vulnerability accounts for more than 35% of the top 10 global infections so far this year.  This is more than double the proportion found in the second half of 2008.

The key findings from Microsoft’s Security Intelligence Report Version 7 show that the Conficker worm, along with a Trojan called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers respectively. 

Taterf is notable in that it spreads only via Autorun, and of course Autorun is one of the vectors by which Conficker can spread. 

While our Cruzer Enterprise secure flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, it’s worth remembering that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames. 

We suggest being cautious in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.

Earlier this year we posted on this blog about the continued rise of malware that exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives.  As we saw just a couple of weeks ago, a UK local government body suffered significant problems and incurred high costs as a result of a Conficker infection, which uses this exploit.

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, because they will quarantine and destroy the malware if copied onto the drive. 

But it’s also worth a reminder that that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames.  While disabling Windows AutoRun is possible, it’s also inconvenient for users to manually launch a portable device or program they may need. 

We would suggest exercising extreme caution in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.  These measures will help to minimise any risks.

After several years when the malware threat was steadily diminishing, the latest quarterly threat report from our anti-virus partner McAfee shows that it’s on the rise again. 

Zombie computers, which are controlled remotely by spam botnets, grew by about 12 million PCs in the first quarter - a 50% increase since the last quarter of 2008, McAfee said.  This also exceeds the previous record by 1 million.

And while the much-discussed Conficker worm has yet to reveal a malicious payload or real threat following its rapid spread earlier this year, it is a sign of things to come, said the report.  AutoRun-based malware, which can use USB drives to spread to new PCs, was seen in far greater numbers than Conficker in Q1 2009 this quarter.

So it’s wise to use secure USB drives like our Cruzer Enterprise, that features onboard, integrated anti-virus scanning, to stop Auto-run malware spreading this way.

Here is a final reminder that on April 1st, the Conficker worm (also known as Downadup or Kido) will change the way it updates itself, moving to a system that is much harder to remove.

However, malware experts predict that it is unlikely to affect the majority of computer users.  April 1 is what’s called a trigger date, when the worm will switch the way it looks for software updates.  It has already had several such trigger dates, including January 1, which did not directly impact on IT operations.

However, researchers do warn against complacency.  Last Friday, leaked documents from the UK Government showed that the UK parliamentary IT system was hit by the Conficker virus.  A memo sent to MPs, Lords and their staff claims that the worm was causing the network to slow down and locking some users out of their accounts.

MPs were requested not to connect “USB memory sticks or any other portable storage devices” on to the Parliament Network for the time being, as the worm is known to spread through such devices.

So it’s worth using the next couple of days to clean up any lingering Conficker infections by applying the Microsoft patch that closes the vulnerability exploited by the worm, and updating antivirus software.  There are also free Downadup-removal tools available on the web.