Study: Rootkits target pirated copies of Windows XP

Summary:During the six month study, researchers from Avast have sampled 630, 000 Windows rootkits, to find out that 74% of infections originated from illegal copies of Windows XP.

During the six month study, researchers from Avast have sampled 630, 000 Windows rootkits, to find out that the majority have infected pirated copies of Windows XP.

According to the study, 74% of infections originated from Windows XP machines, compared to 17% for Vista and only 12% from Windows 7 machines. The study also found that rootkits infecting via the MBR were responsible for over 62% all rootkit infections.  Driver infections made up only 27% of the total. The clear leader in rootkit infection were the Alureon(TDL4/TDL3) family, responsible for 74% of infections.

With millions of PCs behind the WGA (Windows Genuine Advantage) wall, the number of infections is prone to increase. Not surprisingly, the researchers contribute the limited number of infections affecting Windows 7 to the availability of UAC, Patchguard and Driver Signing in the latest Windows versions.

Topics: Software, Microsoft, Operating Systems, Security, Windows

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.