McAfee Blew Shady RAT Analysis, Kaspersky Says

Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.

(click image for larger view)
Slideshow: 10 Massive Security Breaches
A war of words has emerged over McAfees Shady RAT report, which traced the use of a set of remote access tools to a series of online attacks.
Eugene Kaspersky, CEO of Kaspersky Lab, alleged Thursday that McAfee--and in particular, Dmitri Alperovitch, McAfees threat research VP and author of
the report
--purposefully mischaracterized the seriousness of the threat he found.
We conducted detailed analysis of the Shady RAT botnet and its related malware, and can conclude that the reality of the matter (especially the technical specifics) differs greatly from the conclusions made by Mr. Alperovitch, said Kaspersky, in his
blog post
, titled Shoddy RAT.
We consider those conclusions to be largely unfounded and not a good measure of the real threat level, he said. Also, we cannot concede that the McAfee analyst was not aware of the groundlessness of the conclusions, leading us to being able to flag the report as alarmist due to its deliberately spreading misrepresented information.
According to Kaspersky, the malware used in the attack was widely known, but relatively unsophisticated, and would be worth just a few hundred dollars on the black market, compared with top botnets, which might fetch $2,000 to $3,000. Most security vendors did not even bother assigning a name to Shady RATs malware family, due to its being rather primitive, he said. Furthermore, he said, there was
no evidence
of a state sponsor behind the attacks.
Kasperskys criticism came in the wake of a
letter
sent to McAfees Alperovitch by Rep. Mary Bono Mack (R-Calif.), chairman of the House Subcommittee on Commerce, Manufacturing, and Trade, seeking more details on Shady RAT.
Kasperskys post also followed the publication, on Wednesday, of a
story
in
SC Magazine
, quoting McAfees Alperovitch as saying, If you think this is an unsophisticated botnet then youve got no clue, or youre not willing to talk about it.
That seemed to be a response to an analysis of Shady RAT published by Symantec researcher Hon Lau, which
disputed that the attack was advanced
, since the attackers made server configuration errors and used relatively non-sophisticated malware and other attack techniques. Sure the people behind it are persistent but no more so than the myriad of other malware groups out there such as Zeus, Tidserv, and others like them, said Lau, referring to two well-known and quite effective
botnet and rootkit
families used by criminals.
Kasperskys criticism in turn triggered a response from McAfee. Hes missing the point, said Phyllis Schneck, McAfees VP & CTO for global public sector at McAfee, in a
blog post
released Friday.
Its not the sophistication of the attack thats important, and this is a clear case where technical arguments are preventing some people from seeing the larger, more important picture, she said. It was only as advanced as it needed to be. The impressive thing here was the breadth of targets, the length of the attack, and the amount of data taken, remembering also that we know only of 72 companies/organizations victimized through one command and control server, out of hundreds or more used by this adversary.
Quiet, insidious, market-changing threats like these hide in the noise of botnets, hacks, and other high-profile or nuisance events, she said.
At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25.
Register now
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
McAfee Blew Shady RAT Analysis, Kaspersky Says