PLEEEEASE Infect me
This is what Windows says when you install it. You see, there is a default setting called “autorun” that will automatically run a program when you insert a CD or DVD or thumb drive into your computer. The idea is that you put the media in there to run a program, so Windows may as well make it easy for you. The bad guys like this approach because it means that they can put a malicious file on a CD, DVD, or thumb drive and all you have to do is put it in the computer to infect your computer.
How bad is autorun? Steve Riley is a genuine security expert at Microsoft. You can see what he has to say about it here http://blogs.technet.com/steriley/archive/2007/09/22/autorun-good-for-you.aspx
At ESET, Trojans using autorun to infect computers have been one the most prevalent threats that we have been seeing for several months now.
Yes autorun is convenient, but it is a bit like making a car start moving forward automatically every time you put on your seatbelt. You will run into a lot of things in front of you!
Fundamentally, there are two types of readers here. The first type will disable autorun and be more secure. The second type will eventually be victims.
Author ESET Research, We Live Security