Pirate Copies Of XP A Common Vector For Malware

Avast Software : 29 July, 2011  (Technical Article)
XP continues to be the most popular version of Microsoft's operating system, with large numbers of pirate versions in use which can't be secured by Windows Update, creating an ideal vector for malware propagation.

The AVAST Virus Lab has identified un-patched and often pirated versions of Windows XP as the main vector for rootkit infections. Data from a six-month study catalogued over 630,000 samples and found that 74% of infections originated from Windows XP machines, compared to 17% for Vista and only 12% from Windows 7 machines.

While Windows XP may be old, it is still the most common operating system around the globe with 49% of avast! antivirus users having it on their computers compared to the 38% with Windows 7 and the 13% with Vista.

Rootkits actively hide their presence from administrators by subverting standard operating system functionality or other applications as they gain access to software and data.

“One issue with Windows XP is the high number of pirated versions, especially as users are often unable to properly update them because the software can’t be validated by the Microsoft update,” said Przemyslaw Gmerek, the AVAST expert on rootkits and lead researcher. “Because of the way they attack – and stay concealed – deep in the operating system, rootkits are a perfect weapon for stealing private data.”

More recent operating systems like Windows 7 are more resilient to rootkits - but not immune. Including innovations like UAC, Patchguard and Driver Signing in the latest Windows versions has helped, but not provided fail-proof security. Cybercriminals are continuing to fine-tune their attack strategy with the Master Boot Record (MBR) remaining their favorite target for even the newest TDL4 rootkit variants.

The study found that rootkits infecting via the MBR were responsible for over 62% of all rootkit infections. Driver infections made up only 27% of the total. The clear leader in rootkit infections was the Alureon (TDL4/TDL3) family, responsible for 74% of infections.

“People need to keep an antivirus software installed and updated – regardless of where they got their operating system,” pointed out Mr. Gmerek. “And, if they suspect there is an issue, they can scan their computers with a rootkit removal tool such as aswMBR.”

avast! is the only AV solution to provide on-access detection of rootkits as they try to install themselves in addition to boot-time and on-demand scanning. These anti-rootkit features are included in all free and paid versions of avast!.

As the rootkit specialist at AVAST Software, Mr. Gmerek will be attending the upcoming Blackhat/Def Con events in Las Vegas on August 3-7, 2011. He and the AVAST Virus Lab team would also like the opportunity to brief the press ahead of the public release of his full rootkit research whitepaper. Mr. Gmerek has never before given a briefing to the US media and the session offers insight and detailed statistics around the global infection rates, sources and technological direction of rootkit creators.
