US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.
US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:
- Disable autorun in Windows.
- Maintain up-to-date antivirus software.
- Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
- Perform virus scanning of the removable media devices prior to each use.
Information about disabling autorun in Windows, including a fix-it tool, can be found in Microsoft knowledgebase article 967715.
This product is provided subject to this Notification and this Privacy & Use policy.