What do you think of when you hear the word “malware”? Most people think of the general term “virus”–something that a hacker puts on your computer that disrupts activity or steals information. In reality, malware (malicious software) can encompass a variety of different hacker tools, and true viruses are just one in a long list that includes Trojan horses, spyware, and today’s topic: the computer worm.
Recently, a highly infectious computer worm coined W32/Autorun was discovered infecting Windows computers. What makes a worm like W32/Autorun unique is that unlike a true virus, a worm doesn’t actually steal something from your computer. Instead, it’s designed to spread rapidly and open as many security holes as possible–ultimately allowing hackers to download a different form of malware (possibly a virus or a Trojan that targets your financial records) that will steal information, money, or both.
How the Worm Spreads
The W32/Autorun worm spreads through physical contact. In your computer’s case, this means connecting an infected flash drive, logging into a shared Internet connection, or plugging into a shared external hard drive. Once the worm infects a new computer through a shared connection or device, it replicates itself multiple times and looks for more ways to spread.
There are 2 key ways that W32/Autorun gets past your computer’s defenses:
1. Windows AutoRun: An Automatic In
W32/AutoRun takes advantage of Microsoft’s AutoRun feature. While this feature was not included in Windows 8 for security reasons just like this, it still exists on many older machines that haven’t been updated in a while. When you plug a device into an older Windows computer that does have AutoRun, a dialog box pops up asking if you want to automatically run whatever is on the device. As you can imagine, this capability is a huge risk from a security perspective. Unsuspecting users click “run” only to find that they’ve authorized the W32/Autorun worm.
2. Fake Folders Lure Victims In
For users who don’t have AutoRun enabled, like those using Windows 8, W32/Autorun disguises itself as interesting files and folders to trick you into downloading the worm. For example, W32/Autofun often creates imposter files with names like “porn” and “sexy” in infected flash drives or shared Internet connections to lure potential clicks. Once you click on the file to open it, it’s exactly like prompting AutoRun–the file is executed, and your computer is infected.
To ensure full impact, the worm can also change your computer’s settings to allow it to run every time you boot up. Some variants of the worm even disable Windows updates to prevent the system from downloading security patches. This process ensures that the worm can do its job: infect every device your computer comes into contact with and open the door for any virus a hacker wants to install at your expense.
How to Prevent a W32/Autorun Infection
1. Disable AutoRun
If your computer is still prompting you to automatically run applications whenever you insert a CD, log into a new Internet connection, or plug in a flash drive, update your computer as soon as possible. Visit the Microsoft website to learn how to disable AutoRun for your specific version of Windows. To disable AutoRun independently of software updates, the easiest way is to download a free utility like Disable AutoRun.
2. Beware of Shared Removable Devices
Remember: this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive can carry the worm back to your computer. If you do need to share a device, make sure AutoRun is disabled when you plug it back in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.
Reliable Anti-Virus: What to Do When You’re Already Infected
While my first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer. Solutions like McAfee All Access will catch the W32/Autorun worm bug and others like it, preventing you from accidentally spreading it to friends and family. If you already have a McAfee solution installed, visit our website for details on how to download the latest fix for the W32/Autorun worm.
For more on this topic and other emerging security threats, follow us on Twitter at @McAfee.
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
