Analysis of an AutoRun.inf File
Remote Code Execution Exploit


Consider this AutoRun.inf file - typical of those used in removable media exploits
that have been reported:


[autorun]
open=kwjkpww.exe
shell\open=Open
shell\open\Command=kwjkpww.exe
shell\open\Default=1
shell\explore=Explore
shell\explore\Command=kwjkpww.exe

I put this AutoRun.inf file on my USB external drive along with a malicious executable with the filename referenced in the .inf file: kwjkpww.exe.

When the drive is connected, the malicious executable file 'kwjkpww.exe' referenced in autorun.inf is blocked when it attempts to run.
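
As an added example (not part of the original page), this Python script triages an AutoRun.inf found on removable media: it parses the [autorun] section, lists the keys that name a program to launch, and reports context-menu verbs whose visible label reads like a normal Explorer action. The function names are hypothetical, and the sample input is the listing above.

```python
import re

# Constructed sample: the AutoRun.inf listing shown on this page.
SAMPLE = r"""[autorun]
open=kwjkpww.exe
shell\open=Open
shell\open\Command=kwjkpww.exe
shell\open\Default=1
shell\explore=Explore
shell\explore\Command=kwjkpww.exe
"""

# Keys whose value names a program to launch.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Keys that set the text shown for a context-menu verb.
MENU_KEY = re.compile(r"^shell\\([^\\]+)$", re.I)


def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """Summarise what the file would launch and how its menu verbs are labelled."""
    entries = parse_autorun(text)
    launch = {k: v for k, v in entries.items() if EXEC_KEY.match(k)}
    labels = {m.group(1): v for k, v in entries.items() if (m := MENU_KEY.match(k))}
    # Verbs labelled like a normal Explorer action that also have a command mapped.
    disguised = sorted(
        verb for verb, label in labels.items()
        if label.lower() in {"open", "explore"} and f"shell\\{verb}\\command" in launch
    )
    return {"targets": sorted(set(launch.values())), "launch_keys": sorted(launch), "disguised_verbs": disguised}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the listing above, every launch key points at the same executable, and both the Open and Explore menu entries are mapped to it.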
