Mal/AutoInf-A, Mal/AutoInf-B, Mal/AutoInf-C [Sophos]
Worm.Win32.AutoRun, Trojan.Win32.AutoRun [Kaspersky]
TR/Virtool.INF.Autorun, TR/AutorunINF, TR/Autorun [Avira]
Generic!atr, Generic Autorun!inf.g [McAfee] TROJ_AUTORUN [Trend Micro]
Worm:Win32/Autorun!inf, VirTool:INF/Autorun.gen [Microsoft]
Trojan.Gen, Trojan Horse [Symantec]
Affected OS or Software
AutoInf is a component used by many malware families, notably Conficker, Sality and AutoRun. AutoInf is used to automatically run associated malware from removable media such as USB drives.
AutoInf is the malicious use of an autorun.inf file, usually on removable media. On unpatched Microsoft Windows computers the autorun.inf file is interpreted by the operating system and the commands it contains are followed automatically when a device is connected. Usually this means that malware on an infected device is run without any further user interaction. Older worms use this as a means of spreading from computer to computer via USB drives. They may also create these files on network drives. Microsoft issued a patch disabling autorun by default in February 2011 but despite this AutoInf is still commonly seen due to its use by older worms and their propagation across unpatched computers.
Even when autorun is disabled, version of Windows before Windows 7 may display the autorun action as an available option in an AutoPlay dialog. Some versions of AutoInf also use a deceptive name and icon in this dialog in order to confuse users into selecting a dangerous action. This is usually done by creating a duplicate entry for the "Open folder to view files" action.
Defending against the threat
Microsoft disabled autorun functionality on Windows operating systems in a patch issued in February 2011. Ensuring that the computer is fully patched will minimise the effects of AutoInf.
Microsoft KB971029 - Disable autorun
Sophos Endpoint Security provides detection of AutoInf and associated malware.
Device control functionality of Sophos Endpoint Security can be used to prevent unauthorised USB devices from connecting to PCs.