US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.
US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:
- Disable autorun in Windows.
- Maintain up-to-date antivirus software.
- Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
- Perform virus scanning of the removable media devices prior to each use.