AutoRun worms are very prevalent, especially in the APAC regions. Read through this Combating guide to help understand how they work and what you can do to proactively protect yourself against new variants.
You can also use the Default Domain Policy in Active Directory to prohibit the automatic launching of executables on drives including removable and network drives. There should be the ability to granularize the setting instead of using the Default Domain Policy as a blanket setting, but we have applied the setting in Default Domain Policy to cover all machines. The setting is at: Computer Configuration, Administrative Templates, System, Turn off Autoplay. Setting should be “enabled” for “all drives.” Help for editing Group Policy should be available on Microsoft's support site.