Worm.Autorun is a family of worms that spread through systems by altering the present autorun.inf file on any removable media sources, such as USB drives, DVDs and the like. It is made with the intent to infect any system where such media sources are connected.
Autorun worms are often distributed through the use of executable files. The file may be a copy created in a previous worm infection or it may have been dropped on a device or the computer by exploit kits or trojans. The executables are often saved to the root directory on a computer or a disk drive, USB flash drives, mobile devices and more.
Creation of copies and infection spread
When the worm file is initially launched, it makes a copy of itself onto one or several drives on the device or computer it's present on. Some of the Autorun worms may also create copies of themselves over a shared network. As this keeps going on, the worm also creates an autorun.inf file in the root directory of any affected drive. The .inf file has the name and the location of the worm copy, and it also happens to be responsible for making more copies, even if the original file of the worm is never started up again.
If the affected drive or device gets opened, such as File Explorer, the .inf file is run automatically, which activates the worm copy, which makes more copies, repeating the cycle on and on again.
If the drive is a removable USB flash drive, then every time it is inserted in a clean computer or a device, that .inf file will launch the worm copy stored inside it, spread the infection onto the newly connected device or computer.
Autorun worms may also have a malicious payload that is used to distribute harmful software such as trojans and backdoors.