The Engineering Windows 7 blog explains how one of the main distribution vectors for recent malware such as Conficker has been the AutoRun entry in the AutoPlay dialog that pops up by default whenever a CD or USB stick is plugged in. An autorun.inf file on the drive controls that entry, so malware can give it a misleading label such as a fake ‘Open folder to view files’ that sits right next to the genuine one. If an unthinking user clicks the fake link (as indicated in the screenshot), they can easily end up running unwanted software.
In Windows 7 RC, however, the AutoRun entry is no longer offered in the AutoPlay dialog for non-optical removable media such as USB sticks, memory cards and external disks (the AutoPlay dialog itself still appears, just without the autorun.inf-driven task), although it will still be offered for optical media like CDs or DVDs, which a worm cannot write itself onto the way it can a USB stick. In itself, that’s not going to stop malware being a problem, but it does close one distribution method (and means your own autorun.inf customisations for USB drives probably won’t work any more).
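As an added illustration (not code from the Engineering Windows 7 post or from Microsoft), the Python below parses an autorun.inf and flags the lure pattern described above: an action= or shell-verb label that imitates a built-in AutoPlay task such as ‘Open folder to view files’ while open=, shellexecute= or shell\verb\command= actually launches an executable. The two sample autorun.inf texts, the LURE_PHRASES list and all function names are constructed for this example; the key names themselves are the documented autorun.inf keys.

```python
"""Flag autorun.inf files that lure the user with a fake AutoPlay task.

Added example, not Microsoft's code.  It reads the [autorun] section of an
autorun.inf (keys: open, shellexecute, action, icon, label, shell\\<verb>,
shell\\<verb>\\command) and reports the lure pattern: a label that copies a
built-in AutoPlay task while the command launches executable content.
"""
import re
from dataclasses import dataclass, field

# Wording Windows itself uses for genuine AutoPlay tasks; a malicious
# autorun.inf copies one of these so its entry blends in.  (Constructed list.)
LURE_PHRASES = (
    "open folder to view files",
    "view files",
    "using windows explorer",
)

# File types that run code when launched via ShellExecute.  (Constructed list.)
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|vbe|js|jse|dll|lnk)\b", re.I)


@dataclass
class AutorunReport:
    keys: dict
    launches: list = field(default_factory=list)   # commands the entry would run
    findings: list = field(default_factory=list)   # human-readable reasons
    lure_label: bool = False                        # a label imitates a built-in task

    @property
    def is_lure(self) -> bool:
        # A fake label on its own launches nothing; a launch with an honest
        # label is ordinary AutoRun.  The lure is the combination.
        return self.lure_label and bool(self.launches)


def parse_autorun_inf(text: str) -> dict:
    """Return key/value pairs of the [autorun] section, keys lower-cased.
    Blank lines, comments (; or #) and other sections are ignored."""
    result = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            result[key.strip().lower()] = value.strip()
    return result


def analyze_autorun_inf(text: str) -> AutorunReport:
    """Collect what the autorun.inf would launch and whether its label lies."""
    keys = parse_autorun_inf(text)
    report = AutorunReport(keys=keys)
    for key, value in keys.items():
        # open= and shellexecute= are the default actions; shell\verb\command=
        # is the command behind a custom verb shown in the dialog.
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            report.launches.append(value)
    for key, value in keys.items():
        # action= is the default entry's caption; shell\verb= is a verb's caption.
        is_label = key == "action" or (
            key.startswith("shell\\") and not key.endswith("\\command")
        )
        if is_label and any(p in value.lower() for p in LURE_PHRASES):
            report.lure_label = True
            report.findings.append(f"{key}= imitates a built-in AutoPlay task: {value!r}")
    icon = keys.get("icon", "")
    if "shell32.dll" in icon.lower():
        report.findings.append(f"icon= borrows a system icon to look like a folder: {icon!r}")
    for cmd in report.launches:
        if EXEC_EXT.search(cmd):
            report.findings.append(f"launches executable content: {cmd!r}")
    return report


# Constructed samples: a lure in the style described in the post, and a
# harmless autorun.inf that only sets a drive icon and label.
MALICIOUS_INF = r"""[autorun]
action=Open folder to view files
icon=%SystemRoot%\system32\shell32.dll,4
shellexecute=setup.exe
"""

BENIGN_INF = r"""[autorun]
icon=drive.ico
label=Backup
"""

if __name__ == "__main__":
    for name, inf in (("malicious", MALICIOUS_INF), ("benign", BENIGN_INF)):
        rep = analyze_autorun_inf(inf)
        print(f"{name}: lure={rep.is_lure}")
        for f in rep.findings:
            print("  -", f)
```

Running it on a real drive means reading `<drive>:\autorun.inf` yourself; the analyser deliberately never executes anything it finds, it only reports what the file would have AutoPlay do. A label-only autorun.inf (fake caption, nothing to launch) is reported but not classed as a lure, which keeps false positives down on drives that merely carry an odd action= string.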
Improvements to AutoPlay [Engineering Windows 7]