Microsoft delivers a huge blow to malware authors

As I was monitoring the feed from my local CERT this little titbit caught my eye. It is about how, in my opinion, Microsoft is doing the right thing.

What has happend is that Microsoft has changed the way that autorun is executed, thereby stopping malware from exploiting the USB key to spread itself. The change is that thee have disabled autorun for everything but CD and DVD. DK-CERT bullitin (Danish).

Image curtuesy of Microsoft Malware Protection Center

Microsoft Malware Protection Center has done an analysis on this vulnerability that was fixed in February 2011 with the windows update.  The reason for the fix is that during the last half of the year 2010 there was an increase in malicious code using the autorun.inf to infect systems.  The MMPC did the analysis on data reported from Microsoft security products. They says that in the period of January 2011(pre fix) and May 2011 (post fix) the saw a drop in exploitations using the autorun from 59% on windows XP and a fall by 74% on Windows Vista.

This entry was posted in IT Security, Week 21. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s