A colleague and I just disinfected a PC at our kids school that had 15 or so virus fighting for attention on it. The culprit might have been unsafe Internet Explorer use, but more likely was infection from USB drives with auto run viruses. Plug in, get virus.
Yesterday, Microsoft announced that Windows 7 and coming Service Pack updates to XP and Vista will disable the auto-run feature.
Excellent. About a decade too late, but certainly a move in the right direction.
Here is how to disable Auto Run on your current machine.