USB malware attacks is much more widespread than Stuxnet

According to the latest report by a security vendor one out of every eight PC attacks is made via USB devices targeting the Windows AutoRun function. Avast reported that it had detected an increasing number of malware attacks which target the AutoRun function in Windows and plug-in USB devices. Of the 700,000 recorded attacks on computers across the avast user community during the last week of October, one out of every eight attacks -- or 12.5 percent -- came via USB devices.

Malware spreading via USB devices exploit AutoRun feature on Windows machines which is used to alert computer owners when a new device such as a memory stick is connected.

"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware. The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers -- which were also spread via infected memory sticks," said avast virus analyst Jan Sirmer.

"Cybercriminals are taking advantage of people's natural inclination to share with their friends and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario."

Avast said AutoRun is misused when a USB device infected by "INF:AutoRun-gen2 [Wrm]", avast's generic detection term for this type of malware worm, is connected to a computer.

The infected device -- which could also be a PSP, digital camera, a mobile phone or an mp3 player - starts an executable file which then invites a wide array of malware into the computer. The incoming malware copies itself into the core of the Windows OS and can replicate itself each time the computer is started.