One in Five PCs Infected With Rootkits

Malware researchers at Prevx have highlighted what they call a 'massive growth' in the number of PCs harbouring rootkit infections. More than 725,000 PCs were scanned with the Prevx CSI malware scanner over a two-month period. Of the roughly 291,000 users who scanned their PCs during October 2007, one in six had some form of spyware or malware. Significantly, while rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22% by early December. According to Prevx's Jacques Erasmus: "The rise of the rootkits has begun." Rootkits are often 'dropped' or buried by other infections. They then modify the PC's operating system to hide themselves from both the user and any security products installed on the machine.

By doing so, rootkits allow criminals to remotely monitor, record, modify, steal and transfer data from the victim's PC. Some rootkits are undetectable by conventional antivirus and antispyware applications, so even a tech-savvy user may believe his or her computer is 'clean' and unwittingly hand over increasingly valuable personal and financial data. Since 1 December 2007, 114,891 new users have run Prevx CSI with its rootkit-detection features enabled. Of those PCs, 1,678 had what Prevx describes as 'significant rootkit infections'. That equates to 1.46%, or approximately one in 70 systems, almost 15 times the one-in-1,000 rate previously estimated by industry experts. Note that every figure here is drawn from PCs whose owners chose to run Prevx's scanner, a self-selected population, so none of them can be read directly as an infection rate for PCs in general.

View: Full Story @ PC World


The problem with these stats is they are presumably only gathered when someone scans their PC with the software... But most people probably don't bother using this kind of software unless they suspect something might be up. Because of this I very much doubt that the sample used to generate the stats is a real picture of how things are.

This study can be real but still misleading.

If you own the latest antivirus, firewall, antirootkit and such, and your PC runs fine, then most likely you don't run another rootkit detector.

But if you have never checked for rootkits, your antivirus doesn't detect them, and your PC runs slow or shows some suspicious messages, then you will run this test.

It is the same as a hospital saying that 99% of the population is sick because 99% of its customers came to the hospital with some health trouble.


PS: and for the record:

linux lol :P :P :P :P

For heaven's sake guys, if you don't like the Mac and Linux jibes, just ignore them. All this bitching and "I told you so" exacerbates the subject. Unfortunately moderators here only censor people bad-mouthing Microsoft, so all these petty Mac and Linux spats are lapped up.

Significantly, although rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22%

keep in mind OP that the % is based on the PCs that used their scanner, not PCs amongst the populace.

-d

This was a big reason why I switched from a PC to a Mac. Thanks to the Mac's superior Unix foundation, these things simply aren't possible. A lot of you PC nuts here think you're real smart when it comes to malware but just as the ad pointed out, "A tech-savvy user may believe his or her computer is 'clean', and unwittingly pass on increasingly valuable personal and financial data." It doesn't matter how great your antivirus program is, you might be infected and not even know it.

The only REAL bullet proof answer to malware once and for all is Mac OS X. Take a look at the Proof

markjensen said,
For the love of all that is holy, please stop spamming Apple adverts!

And, yes, rootkits exist on the "superior Unix foundation", too!
http://www.sophos.com/virusinfo/analyses/shrenepoa.html

Educate yourself. And, until that time, please refrain from posting. :)

Nice try finding a proof of concept malware that was detected in 2004!

Fact of the matter is, Malware does not exist for Leopard and it never will. Educate yourself and until that time, please refrain from posting.

internetworld7 said,

Nice try finding a proof of concept malware that was detected in 2004!

Fact of the matter is, Malware does not exist for Leopard and it never will. Educate yourself and until that time, please refrain from posting. :rolleyes:

Malware may not exist in the wild at the current moment or in the past, but that's a pretty large and stupid claim to say that it never will in the future.

internetworld7 said,

Nice try finding a proof of concept malware that was detected in 2004!

Fact of the matter is, Malware does not exist for Leopard and it never will. Educate yourself and until that time, please refrain from posting. :rolleyes:

That does not mean it can't happen. Educate yourself and until that time, please refrain from posting.

X'tyfe said,

That does not mean it can't happen. Educate yourself and until that time, please refrain from posting. :D

It's going to be funny if an exploit gets released that gets through Mac OS X's Unix permission system and just OWNs their machines.

internetworld7 said,
Fact of the matter is, Malware does not exist for Leopard and it never will. Educate yourself and until that time, please refrain from posting. :rolleyes:
Mmmmm... Let's look at your first post:
these things simply aren't possible
I posted proof that things like rootkits are, indeed "possible". In fact, not just possible, but they have existed.

Now, I know that your brain isn't wired to evaluate facts and come to reasonable conclusions. But the truth, so they say, is out there. Go back to burying your head in the sand or some body orifice where it is normally kept. Bye.

internetworld7 said,

Nice try finding a proof of concept malware that was detected in 2004!

Fact of the matter is, Malware does not exist for Leopard and it never will. Educate yourself and until that time, please refrain from posting. :rolleyes:

There it is, folks! The stupidest thing ever uttered on the Internet.....

You're worse than I am. MUCH worse.

At least be clever about it. Make a smartass remark . . . say *something.*

It's like I can adjust Safari's ad-block filter to screen you out, LOL.

internetworld7 said,

You mean on my PS2 or Xbox 360? Because it's the Mac that pays the bills. :D

Really bro, is it your mission to convert people to Apple? Please stop. I'm asking nicely.

What kind of stupidity is spewed in this thread?

Will a Mac OS X Leopard trojan in the wild on October 31, 2007 convince you better?
http://www.intego.com/news/ism0705.asp

Whoops, it's rated as a critical risk too. Even MacWorld covered it.

These things happen all the time, so just drop it. Owning a Mac isn't an excuse for being woefully ignorant.

warwagon said,

It's going to be funny if an exploit gets released that gets through Mac OS X's Unix permission system and just OWNs their machines.

Why would that be funny? That's exactly what happens to Windows boxes every day. Malware circumvents the entire security system by using various bugs, buffer overruns, etc. to allow code to execute at a privileged level.

While I agree spyware for Unix/Mac is possible, thus far even the proof-of-concept spyware required user interaction to be able to install itself. Uneducated users allowing programs to run when they have no idea what they do is an issue, but one fixed through education. What can't be fixed by education is someone going to a website and being infected by 12 different viruses with nary a popup, alert, or error from their OS or browser software.

So while the jackass spamming Mac ads is wrong, it's still less likely for a Mac user to get unintentionally infected with spyware. Not impossible, not even improbable... just less likely.

RAID 0 said,

Really bro, is it your mission to convert people to Apple? Please stop. I'm asking nicely.

Yes I would like to get you PC users out of the dark ages. I'll stop and I'm telling you nicely that I'll stop.

internetworld7 said,

Yes I would like to get you PC users out of the dark ages. I'll stop and I'm telling you nicely that I'll stop.

Oh, just shove it, really! Even the usual Mac fans are telling you to shut up.

internetworld7 said,
Fact of the matter is, Malware does not exist for Leopard and it never will. Educate yourself and until that time, please refrain from posting. :rolleyes:

Someone once said,
"It is better to not speak at all and be thought a fool than to speak out and remove all doubt."

..thanks for providing a textbook example of precisely what this means.

GreyWolfSC said,

Oh, just shove it, really! Even the usual Mac fans are telling you to shut up.

GreyWolfSC:

+1

Quote - Abraham Lincoln said:
It is better to remain silent and be thought a fool than to speak out and remove all doubt.

Amen

internetworld7 said,

Yes I would like to get you PC users out of the dark ages. I'll stop and I'm telling you nicely that I'll stop.

Thank you! Thank you very very much!

internetworld7 said,

You're welcome! You're welcome very, very much!

It's clear internetworld7 is a 4-year-old little girl with no experience in the industry. He likes the Apple hype and, like all Macheads, turns into an ostrich when it comes to how vulnerable Macs (yes, even ****ty ass Leopard) are to all kinds of malware, not just rootkits. I'm sure it's great you had all that cash to waste on a system that in theory seems more secure, but thanks to morons like yourself spreading ignorant and untrue information, it just gives malware writers new ideas for avenues of attack. I bet you play Second Life with QuickTime installed so your game account can be taken over (EVEN ON BUGGY ASS LEOPARD) (http://www.macnn.com/articles/07/12/04/qt.flaw.can.steal.lindens/). So, internetworld7, either stop posting ******y messages from your ****ty ass Apple or do what all other Macheads should do and go **** yourself and die.

DATmafia said,
It's clear internetworld7 is a ...
Dude. Lay off the caffeine and seek some professional help to deal with your anger issues. There is no need for that sort of childish personal attack.

Qumahlin said,
Why would that be funny? That's exactly what happens to Windows boxes every day. Malware circumvents the entire security system by using various bugs, buffer overruns, etc. to allow code to execute at a privileged level.

While I agree spyware for Unix/Mac is possible, thus far even the proof-of-concept spyware required user interaction to be able to install itself. Uneducated users allowing programs to run when they have no idea what they do is an issue, but one fixed through education. What can't be fixed by education is someone going to a website and being infected by 12 different viruses with nary a popup, alert, or error from their OS or browser software.

So while the jackass spamming Mac ads is wrong, it's still less likely for a Mac user to get unintentionally infected with spyware. Not impossible, not even improbable... just less likely.

Other than the ANI exploit, have there been any privilege escalation or remote execution exploits used in anything other than proof-of-concept code in Vista? I know there were a few, but I haven't heard of any that were actually used.

DATmafia said,
It's clear internetworld7 is a 4-year-old little girl with no experience in the industry. He likes the Apple hype and, like all Macheads, turns into an ostrich when it comes to how vulnerable Macs (yes, even ****ty ass Leopard) are to all kinds of malware, not just rootkits. I'm sure it's great you had all that cash to waste on a system that in theory seems more secure, but thanks to morons like yourself spreading ignorant and untrue information, it just gives malware writers new ideas for avenues of attack. I bet you play Second Life with QuickTime installed so your game account can be taken over (EVEN ON BUGGY ASS LEOPARD) (http://www.macnn.com/articles/07/12/04/qt.flaw.can.steal.lindens/). So, internetworld7, either stop posting ******y messages from your ****ty ass Apple or do what all other Macheads should do and go **** yourself and die.

Who knows, he could be Steve Jobs himself... and when you find that out, you'll eat your words that he doesn't have any industry experience!!?

The text above is inconsistent. How does:

"Significantly, although rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22% by early December. "

Mesh with:

"...'significant rootkit infections'. That equates to 1.46% or approximately one in 70 systems..."

This makes no sense. There are so many numbers here with little explanation that this is clearly just a cheating press release designed to get attention by a pointless company.

What a nice program - it by the way detects one of Company of Heroes patches as "Generic malware" so no wonder the "hits are high" :P

It also "talks" a lot to their web server, slightly suspicious to say the least.