How to stop automatic spreading of worms

One of the ways the Conficker worm and other, similar malware slimes its way from computer to computer is by taking advantage of the Autorun feature in Windows. If Conficker finds removable media (like a USB drive) on a PC it infects, it will infect that media in such a way that it will exploit Autorun to attempt to automatically infect a new computer when the drive is connected. Microsoft has shared instructions for manually disabling Autorun, but the steps are really meant for systems administrators rather than the average person. And up until this week, when Microsoft released a patch, the steps may not have even worked correctly, according to US-CERT. An easier solution, first posted by Nick Brown and then recommended by US-CERT, involves far fewer steps, but you'd still need to copy a few lines of code and create your own script. Not a big deal, but it could be easier. Enter your friendly neighborhood security blogger. I followed the steps described by Brown to create a ready-to-go script that you can simply download and double-click to disable AutoRun. And just to be thorough, I did the same for the step to turn it back on. I believe the script only works for Windows XP, but if you know differently, by all means let us know with a comment below. Also, it's important to note that if you turn off Autorun, you'll have to manually find and double-click installation programs and other things that would have been automatically started by Autorun. You might also run into trouble with U3 usb drives. But you will block off one of malware's dirty tricks.

2 comments:

Priya said...

Hello,

Very informative post and very useful...

This is Priya from SezWho here. I am writing to know your comments on the SezWho plug-in and any feedback that you may have which will help us to enhance the plug-in features and in turn help us serve you better.

Your feedback is important to us.

Look forward to your response.

Thanks
Priya
priya@sezwho.com

bryanarancon said...

As of now, i don't know how to use the plug-in...hehehe...Thanks!