Windows XP PCs breed rootkit infections

By +Frank B.
in Back Page News

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

Windows XP PCs breed rootkit infections

Three-fourths of all rootkits on decade-old OS, says antivirus firm

Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said today.

Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs.

While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines.

XP's share of the infection pie was much larger than Windows 7's, which accounted for only 12% of the malware-plagued machines -- even though the 2009 OS now powers 31% of all Windows PCs.

Rootkits have become an important part of the most sophisticated malware packages, particularly botnets, because they mask the infection from the user, the operating system and most security software. By installing a rootkit, the hacker insures the compromise goes undetected as long as possible, and that the PC remains available to the botnet's controller for nefarious chores, such as sending spam or spreading malware to other machines.

Avast attributed the infection disparity between XP and Windows 7 to a pair of factors: The widespread use of pirated copies of the former and the latter's better security.

"According to our stats, as many as a third of XP users are running SP2 [service Pack 2] or earlier," said Ondrej Vlcek, the chief technology officer of AVAST, in an interview Thursday. "Millions of people are out of support and their machines are unpatched."

Vlcek assumed that many of the people running XP SP2, which Microsoft stopped supporting with security patches a year ago, have declined to update to the still-supported SP3 because they are running counterfeits.

Although Microsoft serves everyone, even pirates, its monthly security patches and service packs, most security experts believe that users of illegal copies are very hesitant to upgrade or even patch for fear that they'll trigger the black screen and anti-piracy nag notices that Microsoft slaps on screens when it deems a PC is running a counterfeit copy of Windows.

Rootkit%20Numbers.jpg

Vlcek urged users running legal copies to upgrade to XP SP3. "Moving to SP3 is the most basic thing that should be done," he said.

Also in play, said Vlcek, is Windows 7's stronger security, especially the 64-bit version.

"The 64-bit version [of Windows 7] has some technologies that really make it much more difficult for rootkits to infect the computer," said Vlcek, calling out that version's kernel driver-signing feature as key to keeping rootkits off machines.

But that hasn't completely protected Windows 7 64-bit, as Vlcek acknowledged.

"The surprising part to me was that I thought the Windows 7 [number] would be even smaller," Vlcek said.

Rootkits able to infect 64-bit copies of Windows 7 remain relatively rare, but they're certainly not unknown: The first popped up in August 2010, and a massive botnet some have called "practically indestructible" last month used a variant of the same malware to install a 64-bit rootkit on Windows 7.

That malware, which goes by a number of names -- Alureon, TDL, Tidserv and most recently, TDL-4 -- is especially devious, as it installs the rootkit into the Master Boot Record (MBR). The MBR is the first sector -- sector 0 -- of the hard drive, where code is stored to bootstrap the operating system after the computer's BIOS does its start-up checks.

By subverting the MBR, the rootkit is even tougher to detect, since it's already in place by the time the OS and security software are loaded into memory.

Avast found that rootkits which infected the MBR were responsible for 62% all rootkit infections.

Users who suspect that their PC is infected with an MBR-based rootkit can scrub their machine with one of several free rootkit detectors, including Avast's "aswMBR" and Sophos' "Anti-Rootkit."

Source: Computerworld

Grand Master

Fraud OS 11

Posted
Posted

/pwned only if running as admin. Just run it as limited user and use the built-in RunAs or SuRun (http://www.wilderssecurity.com/showthread.php?t=196737) if you use app that require admin privileges. There's ASLR (http://wehntrust.codeplex.com/) for XP too.

Experienced

Wolfbane

Posted
Posted

The fact that Windows 7 has a 12% share of the infections shows that MS still has a way to go with idiot-proofing their OS.

I guess one of the problems with security software is that the more often it notifies the user about something, the less likely the user is to read it (and the more likely they are to just click "Yes").

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

The fact that Windows 7 has a 12% share of the infections shows that MS still has a way to go with idiot-proofing their OS.

I guess one of the problems with security software is that the more often it notifies the user about something, the less likely the user is to read it (and the more likely they are to just click "Yes").

The issue is everyone has java and nobody updates it.

Grand Master

HawkMan

Posted
Posted

since when did XP have a 58% market share.

http://en.wikipedia.org/wiki/OS_market_share

Even the artifically high values of "Net Market Share" only lists it as 51, while the more realistic median value is 37. Heck even the second highest value after the artificial NMS numbers is 42.1%.

so assumign the rootkit share numbers are more correct than the OS market share numbers they use. the numbers are even more scary for XP. and that would seem more in line with my experiences as well.

Grand Master

Xilo

Posted
Posted

The fact that Windows 7 has a 12% share of the infections shows that MS still has a way to go with idiot-proofing their OS.

I guess one of the problems with security software is that the more often it notifies the user about something, the less likely the user is to read it (and the more likely they are to just click "Yes").

There's no cure for stupid.

Mentor

+Neyht Subscriber²

Posted
  • Subscriber²
Posted

Java's updater doesn't make it any easier at times.

Yeah, does the 64 bit version of java even have a working updater?

since when did XP have a 58% market share.

The 58% was probably true when the study was conducted and these are the results of that study....or are you really asking when did xp have 58% market share? If that's the case, then probably sometime last year?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By +Nik Louch · Posted

      I don't hate the new menus, I am not a fan of the lack of features and how they went live when they clearly are not complete. The menu itself presents much better than the previous - but what's lacking (IMO) is: 1) Any kind of automated manipulation such as: "this goes on the new menu because you use this feature more often on this filetype" "this is rarely used and will fall back to the old menu" 2) Any kind of user manipulation such as: "a UI to add/remove/order items to the new menu"
    • AV2, successor to popular YouTube, Netflix, Amazon codec AV1, has a hard battle ahead

      By rdr2y2k · Posted

      as they say the best time to do it is now .
    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By Yogurth · Posted

      The biggest issue in this version of Win 11 context menu, from usability standpoint, is the movable row with basic commands. Think of a car analogy...if You turn the week left the infotainment screen will move right and vice versa. With how it works now Microsoft made something forbidden in designing in any UI, software or hardware. I can't grasp who were the morons within Microsoft suggesting it was a good idea and gave it a green light.
    • LibreOffice 26.2.4

      By Copernic · Posted

      LibreOffice 26.2.4 by Razvan Serea LibreOffice is the free power-packed Open Source personal productivity suite for Windows, Macintosh and Linux, that gives you six feature-rich applications for all your document production and data processing needs: Writer, Calc, Impress, Draw, Math and Base. Support and documentation is free from our large, dedicated community of users, contributors and developers. You, too, can also get involved! Choosing Between LibreOffice Still and LibreOffice Fresh: LibreOffice Still is a good choice if you value stability, a longer support cycle, and a more conservative approach to software updates. It's suitable for businesses and organizations where reliability and compatibility are crucial. LibreOffice Fresh is ideal if you're an enthusiast or an early adopter who wants to stay on the cutting edge of LibreOffice development and is willing to accept more frequent updates and occasional minor issues. Features: Writer is the word processor inside LibreOffice. Use it for everything, from dashing off a quick letter to producing an entire book with tables of contents, embedded illustrations, bibliographies and diagrams. The while-you-type auto-completion, auto-formatting and automatic spelling checking make difficult tasks easy (but are easy to disable if you prefer). Writer is powerful enough to tackle desktop publishing tasks such as creating multi-column newsletters and brochures. The only limit is your imagination. Calc tames your numbers and helps with difficult decisions when you're weighing the alternatives. Analyze your data with Calc and then use it to present your final output. Charts and analysis tools help bring transparency to your conclusions. A fully-integrated help system makes easier work of entering complex formulas. Add data from external databases such as SQL or Oracle, then sort and filter them to produce statistical analyses. Use the graphing functions to display large number of 2D and 3D graphics from 13 categories, including line, area, bar, pie, X-Y, and net - with the dozens of variations available, you're sure to find one that suits your project. Impress is the fastest and easiest way to create effective multimedia presentations. Stunning animation and sensational special effects help you convince your audience. Create presentations that look even more professional than the standard presentations you commonly see at work. Get your collegues' and bosses' attention by creating something a little bit different. Draw lets you build diagrams and sketches from scratch. A picture is worth a thousand words, so why not try something simple with box and line diagrams? Or else go further and easily build dynamic 3D illustrations and special effects. It's as simple or as powerful as you want it to be. Base is the database front-end of the LibreOffice suite. With Base, you can seamlessly integrate into your existing database structures. Based on imported and linked tables and queries from MySQL, PostgreSQL or Microsoft Access and many other data sources, you can build powerful databases containing forms, reports, views and queries. Full integration is possible with the in-built HSQL database. Math is a simple equation editor that lets you lay-out and display your mathematical, chemical, electrical or scientific equations quickly in standard written notation. Even the most-complex calculations can be understandable when displayed correctly. E=mc2. LibreOffice also comes configured with a PDF file creator, meaning you can distribute documents that you're sure can be opened and read by users of almost any computing device or operating system. LibreOffice also comes configured with a PDF file creator, meaning you can distribute documents that you're sure can be opened and read by users of almost any computing device or operating system. Download: LibreOffice 64-bit | LibreOffice 32-bit ~300.0 MB (Open Source) View: LibreOffice Website | Screenshot | Release Notes Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Amazon eero Pro 6E mesh Wi-Fi system 2-pack is 27% off

      By Ivan Jenic · Posted

      Amazon eero Pro 6E mesh Wi-Fi system 2-pack is 27% off by Ivan Jenic The Amazon eero Pro 6E mesh Wi-Fi system is currently $239.99 on Amazon for the 2-pack, down from $329.99. That's 27% off and $90 saved for a solid Wi-Fi solution that covers your entire home (purchase link down below). The 2-pack covers up to 4,000 square feet (372 square meters) and supports 100+ connected devices, which handles the vast majority of home setups without breaking a sweat. Wi-Fi 6E brings access to the 6 GHz band for lower latency across the network, and the 2.5 Gb Ethernet port supports gigabit+ internet plans if your ISP offers them. eero's TrueMesh technology handles traffic routing automatically, so you're not manually managing which devices connect to which node. You set up the entire thing through the eero app, and the entire process takes a few minutes. The system also receives automatic security updates in the background, so once you set it up, you don't have to worry about compatibility issues. If you're covering a larger home or want more nodes, the 3-pack is $329.99 and the 4-pack is $479.98, both at similar discount levels. It's worth mentioning that a newer model exists, which is likely the reason for the discount, but the Pro 6E is still perfectly capable hardware for most homes. Amazon eero Pro 6E mesh Wi-Fi system 2-pack - $239.99 | 27% off on Amazon This Amazon deal is US-specific and not available in other regions unless specified. This is a first-party seller link (at the time of article publishing); ensure that you also purchase from a first-party seller link only. If you don't like it or want to look at more options, check out the previous deals that we have covered, OR you can also visit Amazon US deals page. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.

  • Recent Achievements

    • Week One Done
      I2D earned a badge
      Week One Done
    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular
    • Very Popular
      s0nic69 earned a badge
      Very Popular

  • Popular Contributors

    1. 1
      +primortal
      484
    2. 2
      PsYcHoKiLLa
      258
    3. 3
      Skyfrog
      84
    4. 4
      FloatingFatMan
      64
    5. 5
      Michael Scrip
      63
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!