A flash drive connected to a Windows 7 PC, for instance, will only let the user open a folder to browser a list of files. To stop Conficker, and other malware that spreads by exploiting AutoRun and AutoPlay, Microsoft changed Windows 7 so that the AutoPlay dialog no longer lets users run programs - except when the device is a non-removable optical drive, in other words, a CD or DVD drive. (Conficker also spread to a PC if the user had earlier told AutoRun to make that choice by default.) It then spread to any other PC if the user connected the device to another computer, then picked the "Open folder to view files" option under "Install or run program" in the AutoPlay dialog. The worm, which first appeared in November 2008 and exploded in January 2009 - in part because a new variant added the ability to spread using USB flash drives - copied a malicious "autorun.inf" file to any USB storage device that was connected to an infected machine.
One of its most common uses is to start an installation program when a user puts a CD into the optical drive.ĪutoPlay, on the other hand, is the Windows feature that lets a user pick which program starts when a specific type of media, like a DVD containing photos, is inserted.Ĭonficker leveraged both. "Windows will no longer display the AutoRun task in the AutoPlay dialog for devices that are not removable optical media (CD/DVD) because there is no way to identify the origin of these entries," Arik Cohen, a program manager on the Windows 7 team, said in the entry on the Engineering Windows 7 blog.ĪutoRun is the technology that starts some programs automatically when a CD, DVD or other media is inserted.
0 kommentar(er)
