Counterfeit Windows XP Breeding Malware

  /     /     /  
Publicated : 22/11/2024   Category : security


Counterfeit Windows XP Breeding Malware


Security firm finds that 74% of all rootkit infections can be traced to Windows XP machines.



Beware Windows XP, as 74% of rootkit infections can be traced to PCs running that operating system. By comparison, only 17% of rootkit infections were spotted running on Vista, and 12% on Windows 7.
That finding comes from Avast--a
free antivirus
software developer based in Prague--and is based on a six-month study the company conducted of 630,000 malware samples encountered by its users.
Interestingly, the prevalence of rootkits running on Windows XP, which debuted in 2001, is greater than the operating systems actual market share, which for Avast users was 49%, compared with Windows 7 (38%) and Vista (13%).
Attackers favor rootkits because they can surreptitiously be used to
gain admin-level access
to a PC, then silently install additional files and steal data. Because of the way they attack--and stay concealed--deep in the operating system, rootkits are a perfect weapon for stealing private data, said Przemyslaw Gmerek, Avasts lead researcher, in a statement. He plans to detail his rootkit research in full, this week at the
Black Hat USA
conference, a UBM TechWeb event, in Las Vegas.
Most often, rootkits attack the master boot record (in 62% of attacks), followed by driver infections (27%). In terms of specific rootkits, Avast said that
Alureon botnet
--aka the TDL3 and TDL4 rootkit family--accounted for nearly three-quarters of all rootkit infections.
What, however, makes Windows XP such a rootkit magnet? One issue with Windows XP is the high number of pirated versions, especially as users are often unable to properly update them because the software cant be validated by the Microsoft update, said Gmerek. As a result, he said, numerous Windows XP users arent using the latest version--SP3--but rather earlier versions, such as SP2, which Microsoft
ceased supporting
--as well as patching--in July 2010. (Microsoft has said that it will cease supporting Windows XP SP3 in April 2014.)
Attackers also favor Windows XP because even SP3 lacks some of the anti-rootkit and other security features that Microsoft has added to more recent operating systems, including
user account control
,
PatchGuard
, and driver signing.
Since Windows XP, Microsoft has continued to boost the security of its operating systems and applications, although developer uptake of the enhancements can lag. Earlier this year, notably, Microsoft
called on developers
to implement more secure lifecycle software practices, as well as to better avail themselves of newer Microsoft-built mitigation technologies, including data execution prevention (to prevent attackers from executing arbitrary code) and address space layout randomization (to make it difficult for malware to locate known files on a PC that may contain vulnerabilities).
Read our report on how to guard your systems from a SQL attack.
Download the report now
. (Free registration required.)

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Counterfeit Windows XP Breeding Malware