Autorun Worm Spreads through Networks, Removable Media Hits Windows 7 and Windows 8

Sophos warns of about a new form of a malware called "W32/VBNA-X," that exploit the four-year-old Windows AutoRun bug on unpatched Windows including Windows 7 and Windows 8 operating systems.Microsoft had released updates for XP, 2003 and Vista in February 2011 to disable Autorun on all media aside from "shiny discs." And, the Windows 8 […]

Sophos warns of about a new form of a malware called "W32/VBNA-X," that exploit the four-year-old Windows AutoRun bug on unpatched Windows including Windows 7 and Windows 8 operating systems.

Microsoft had released updates for XP, 2003 and Vista in February 2011 to disable Autorun on all media aside from "shiny discs." And, the Windows 8 comes with dedicated patches that block the launch of Autorun.inf files

Sophos notes that the virus appears to be a cocktail of clever social engineering, poor default settings and user carelessness. It's triggered whenever a user inserts "any portable media storage" in their computer as well as . In some cases, the infection also spreads through the network sharing and social network sites "once the user clicks the infected file."

Once it infects the computer, "the malware creates a autorun.inf file for the unpatched victims, and begins to enumerate all of the file and folder names on writable shares and removable devices. For example, say your E: drive is a network share with folders named au and r and files named as.txt and Adobe.pdf. It will set all of these to have the hidden attribute and set a registry key to ensure hidden files are not displayed. Then it will create copies of itself called Porn.exe, Sexy.exe, Passwords.exe and Secret.exe in addition to creating a copy of itself for each legitimate file and folder present on the volume. The duplicates of the original folders and files will have their icons set to the standard folder icon in Windows 7," the security company explains.

sophos: W32/VBNA-X Windows worm spreads quickly through networks and removable media

The malware the connect to a command-and-control server, waiting for additional instructions that could comprise downloads of other apps, such as Trojans and malicious software used for stealing bank accounts data.

Users are highly recommended to update their anti-virus software and and must ensure Autorun is totally disabled on all Windows operating systems.

  • "Make sure your standard Windows images and group policies are configured to show file extensions and hidden files.
  • Restrict write permissions to file shares to allow access only where absolutely necessary.
  • Block all outbound connections to unknown ports and services on your gateway and client firewalls.
  • Ensure behavioral detection technologies are enabled in your anti-virus product to detect addition of malware persistence schemes and tampering with updating and anti-virus settings," Sophos said.

You can refer to this Microsoft knowledge base article "How to disable the Autorun functionality in Windows" - KB967715 for manual instructions to disable Autorun or for official Fix it.

Windows Store now strong with around 20,000 apps available worldwide, was until now exclusively available for Windows 8 -- now has a "unofficial" browser-based version and let the users browse the apps in the same way as they would do on a Windows 8 device.

The MetroStore Scanner comes with regular feature like quickly search for a specific app, but also offer a dedicated "Details" button to load the app in the official browser-based Windows Store released by Microsoft. It also comes with a feature that scans local versions of the Windows Store and lets you filter them by country. You can, for instance, view the apps available only for United States, or simply browse all apps released worldwide.

MetroStore Scanner: Browser-based Windows Store

Check out MetroStore Scanner.

Update 12/04: Microsoft in order to help developers to create apps for Windows 8 straight from their browser released a new tool called TouchDevelop App.

"TouchDevelop Web App is a development environment to create apps on your tablet or smartphone, without requiring a separate PC. Scripts written by using TouchDevelop can access data, media, and sensors on the phone, tablet, and PC," Arjmand Samuel, senior research program manager, Microsoft Research Connections, explained.

"The script can interact with cloud services, including storage, computing, and social networks. TouchDevelop lets you quickly create fun games and useful tools, turning your scripts into true Windows Phone and Windows 8 apps."

TouchDevelop Web App's "editor and programming language have been designed for tablet devices with touchscreens, but you can also use a keyboard and a mouse," the Microsoft added.

Get Microsoft Silverlight

The service asks users to sign in with Windows Live, Facebook or Google accounts to get access to all features.

Also, a new dedicated website providing free tools and documentation to developers who wish to focus on Windows 8 apps is now launched.

Besides a "getting started" guide, developers are also provided with Visual Studio 2013 Express for Windows 8 (completely free for students) which includes the Windows 8 software development kit, the Windows app certification kit and Blend for Visual Studio to create and edit images.

Check the new site here.