Microsoft has recently issued updates for Windows XP and Vista which can help stop worms such as Conficker spreading via infected flash drives.  Windows 7 is already protected.

The updates modify the way AutoRun and AutoPlay work, to keep malware from silently installing on a victim’s PC.  Conficker and similar worms use a malicious “autorun.inf” file on USB storage devices connected to already-infected machines, which then spread to any other PC if the user connected the device to that second computer and picked the “Open folder to view files” option under “Install or run program” in the AutoPlay dialog.

The change to the AutoPlay dialog no longer let users run programs, except when the device is a nonremovable optical drive.  Instead, a flash drive connected to a Windows 7 system only opens a folder to show a list of files.

The updates are available for download and installation from Microsoft’s download site, and are strongly recommended.

Earlier this year we posted on this blog about the continued rise of malware that exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives.  As we saw just a couple of weeks ago, a UK local government body suffered significant problems and incurred high costs as a result of a Conficker infection, which uses this exploit.

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, because they will quarantine and destroy the malware if copied onto the drive. 

But it’s also worth a reminder that that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames.  While disabling Windows AutoRun is possible, it’s also inconvenient for users to manually launch a portable device or program they may need. 

We would suggest exercising extreme caution in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.  These measures will help to minimise any risks.

As you may have seen in the last week or so, the latest version of Apple’s Macintosh OS, known as Snow Leopard, includes for the first time features to detect and warn users about some types of malware.

However, a number of external parties have tested these features, and found that they will only detect the specific malware if it’s encountered via a Web browser.  The features will not detect malware if it is carried and inserted into the machine via a removable drive, such as a USB flash drive.

Although Apple has said for many years that Mac users don’t really need to worry about malware, the threat landscape is constantly changing.  So Mac users should be careful about possible infections from any source, whether on the web or by removable media.