There are just two steps left: one that's technical (though very simple), and one that's purely for us humans. Let's start with the technical step, which is creating the autorun file:

1.  This really is as simple as creating a text file called autorun.inf that points to our executable. It must start with the line [autorun], with the file to open identified by open=. Microsoft defines other AutoRun commands, but open= is the only one we need. You can also add the icon= command, which will make the drive appear as the executable's icon (or any other icon you define), shown as follows:

2. Now, it's time for the social engineering part. What if AutoRun doesn't work? After all, it is disabled on a lot of systems these days. Remember that if someone went so far as to plug in our drive, they'll see the files. To hint that running DataRecovery.exe is worth the risk, we now add an enticing README file. In this case, the file will make it look like deleted files are available for recovery. Curiosity gets the best of a lot of people. You, the esteemed reader, may know better than to fall for this, but imagine scattering 100 USB drives throughout the public areas of your client. Don't you think you'd get a hit? Take a look at the following screenshot: