First published: 15th June 2011
Microsoft has reported a sharp drop in infections by malware that exploit the Autorun feature of Windows since the feature was disabled by an automatic update on 8th February 2011.
The report in the Microsoft Malware Protection Center blog explains that the update changed the behaviour of Windows XP SP3 and Windows Vista when removable media such as thumb drives are attached, but not for CDs or DVDs. Windows 7 already had Autorun modified, and earlier versions of Windows, such as XP SP2, were not updated because they are out of support.
Statistics collected by the Microsoft Malicious Software Removal Tool showed that infections of major Autorun-abusing families, such as Taterf, Rimecud and Conficker, dropped by 1.3 million, comparing the three months before and after the update. Unsurprisingly, the reduction was greatest for the operating systems that were updated, Windows Vista SP 2 saw an 82% decrease. However, there was also a "herd immunity" effect, with Windows XP SP2 infections dropping about 20% - with a smaller population of infected systems, a vulnerable system is less likely to be infected. This can also be seen in the number of infection attempts, which fell by 68% overall.
The infection rate did not fall to zero because these malware families have multiple spreading methods. This data is further confirmation of the phenomenon seen with DOS file viruses, boot sector viruses and Office Macro viruses: viruses die out when the environment that supports them changes.