Avast has published a blog post warning computer users about the increasing number of malware attacks targeting USB drives and Windows' AutoRun feature. During the last week of October, the security company recorded some 700,000 attacks on computers that voluntarily submitted data, and one out of every eight (13.5%) came from USB devices.

"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware," said Virus Lab analyst Jan Sirmer. Cyber-criminals are preying on people's natural inclination to share files with family, friends and coworkers via USB-attached memory, which is in handheld consoles, cell phones, digital cameras and portable music players.

Avast says its anti-virus software thwarted 84% of the USB/AutoRun related attacks with an on-access scan, while the remaining 16% were detected full drive scans. However, it was noted that detection rates could fall as storage devices grow in capacity. "A full scan can take up to an hour for a one terabyte device, so people will skip this entirely or just go for a quicker on-access scan." The firm offered a few pointers on keeping safe:

  1. Be aware. Around 60% of malware can now be spread via USB devices. This is an under-appreciated threat to home and business computers.
  2. Don't start attached. Turning on a PC with a USB device attached can result in malware being loaded directly to the computer ahead of some antivirus programs starting up.
  3. Scan first, look second. Make sure "on-access auto-scans" are enabled in in your antivirus program.