Why do people mention USB sticks as the infection vector, and “AutoPlay” as an infection catalyst?
Because with MS Windows AutoPlay, infection could be automatic upon connecting a USB stick to the system, assuming the default action is set to “open to view files”. But frankly, AutoPlay should not be the center of discussions: USB sticks primarily being storage media, a user inserting one is likely to open it at some point. Beyond that, USB sticks have two interesting properties for the attackers: 1. They can carry the malicious dll to be loaded, almost without any size restriction. 2. Being physical objects, they tend to pass through firewalls… Directly from the parking lot to the internal network.