Downadup's autorun.inf file uses an action keyword and icon extracted from shell32.dll to produce the following:
The category is "Install or run program" but the text and icon are for "Open folder to view files".
The first option will run Downadup, not good. The second "general" option is the choice that will safely open the USB drive.
Being curious, we tried this autorun.inf with Windows 7:
And the results for Windows 7 were the same as Vista's:
Downadup attempts to disguise the installation option as an open folder action.
We would utilize Windows 7's "Send Feedback" link, but the lab's Windows 7 system is not connected to the Internet. It's being used to test our Client Security 8 application. Client Security 8 (Internet Security 2009, and some other recent releases) can generically detect Downadup's autorun file as Worm:W32/Downaduprun.A.