Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: InfoSec News (alertsinfosecnews.org)
Date: Thu Jan 22 2009 - 01:09:49 CST
By Gregg Keizer
January 21, 2009
Microsoft Corp.'s advice on disabling Windows' "Autorun" feature is
flawed, the U.S. Computer Emergency Readiness Team (US-CERT) said today,
and it leaves users who rely on its guidelines to protect their PCs
against the fast-spreading Downadup worm open to attack.
In an alert issued on Monday, US-CERT said Microsoft's instructions on
turning off Autorun are "not fully effective" and "could be considered a
The flaw in Microsoft's guidelines are important at the moment, because
the "Downadup" worm, which has compromised more computers than any other
attack in years, can spread through USB devices, such as flash drives
and cameras, by taking advantage of Windows' Autorun and Autoplay
Autorun, the focus of the US-CERT warning, lets Windows automatically
run any program specified in the "autorun.inf" on, for example, a CD or
a flash drive, as soon as the disc or device is inserted or connected.
By default, Windows has Autorun enabled.
Best Selling Security Books & More!