A friend wrote to me and related how he lost a good portion of his system due to someone connecting a USB drive to his system. It looks like something ran as soon as the USB drive was connected and spread throughout his system.
Odds are you've seen the semi-benign version of this when you put in an audio CD (or game, etc.) and the normal auto-run kicks up. Normally this isn't a bad thing, but if someone a little more malicious starts using it, you're in trouble.
For the techies amongst us, you can disable the AutoPlay feature on all drives through the Group Policy editor in Windows (gpedit.msc). The main setting is found at Administrative Templates -> System -> Turn Off Autoplay.
Just remember that once you do this, you won't see any automatic content. If you want to install that game or software, you're going to have to manually kick it off. Personally, I quickly turn off the auto-run on CDs as it drives me nuts (I'll run it thank you very much) so this was a nice tweak for some added security.
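To check the setting without opening the editor, the script below (an added example, not part of the original post) reads the `NoDriveTypeAutoRun` registry value that the machine-wide policy writes, decodes it per drive type, and optionally sets it to cover all drives. The `-Enforce` switch and the function names are this example's own; writing to HKLM requires an elevated prompt.

```powershell
# Added example: audit (and optionally enforce) the registry value behind
# the "Turn off Autoplay" policy. Run elevated if you use -Enforce.
param([switch]$Enforce)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'

# Each set bit disables AutoRun for one drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable (USB sticks, floppies)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved / unknown' }
)

function Get-AutoRunMask {
    # Returns the current mask, or $null when the policy value is not set.
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Show-AutoRunMask([int]$Mask) {
    # One line per drive type, flagging the types still allowed to auto-run.
    foreach ($t in $driveTypes) {
        $state = if ($Mask -band $t.Bit) { 'disabled' } else { 'ENABLED' }
        '{0,-34} 0x{1:X2}  AutoRun {2}' -f $t.Name, $t.Bit, $state
    }
}

$mask = Get-AutoRunMask
if ($null -eq $mask) {
    "$valueName is not set under the machine policy key; Windows defaults apply."
} else {
    'Current mask: 0x{0:X2}' -f $mask
    Show-AutoRunMask -Mask $mask
}

if ($Enforce -and $mask -ne 0xFF) {
    # 0xFF sets every bit, i.e. AutoRun is turned off on all drive types.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name $valueName -Value 0xFF `
        -PropertyType DWord -Force | Out-Null
    'Set NoDriveTypeAutoRun to 0xFF (all drive types).'
}
```

Run it without arguments to audit only. A removable-drive line that still reads ENABLED is the case described at the top of this post.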