Windows XP: Still big in botnets after all these years?

A new report shows how Windows XP is figuring strongly in one ongoing large-scale botnet operation that's predominantly targeting US banks.

Windows XP use may be in decline but the 13-year-old Microsoft operating system still seems to be playing a disproportionately large role in botnet attacks.

Latest NetMarketShare figures give Windows XP a worldwide desktop share of 23.9 percent. Yet some 52 percent of the 500,000-plus infected machines in the active Qbot, or Qakbot, botnet are running it, according to Proofpoint.

The security firm said an analysis of the Russian-speaking criminal operation, which targets the online credentials for mainly US banks through malware downloaded from compromised WordPress sites, highlights the vulnerability of XP, which went out of support in April.

It is unclear to what extent XP is being targeted across a wider number of automated criminal attacks, but a McAfee report on the far smaller Athena HTTP botnet last year showed that almost all the machines affected were running Windows XP.

There were also suggestions earlier in 2014 that China's vast number of possibly unpatched XP devices could be ripe for exploitation by botnet operators.

Proofpoint engineering VP Wayne Huang said his firm's detailed study could provide a useful insight into Windows XP's involvement in botnets on a larger scale.

"Although the distribution reflects this group's infection rates in particular, it's still a good reference. Two years ago I would say, 'Yeah, it's typical' because at that time Windows XP was still in service. But if we'd done a dozen of these kinds of reports, we could say with confidence about what's typical now and what's not," he said.

"We cannot say that this is true across most crime groups. But it's not a surprise because we know that quite a few of these groups tend to use exploits that they're familiar with."

Contrary to the views held in some quarters, crime groups do not invariably seek out the latest exploits for their attacks, Huang said.

"For a lot of these groups, it's not the case. Some of them tend to stick to what they're used to, as long as the exploit runs reliably — because exploitation is not a reliable process," he said.

"Although there are a lot of exploits out there, a lot of them are not reliable. [Criminals] don't favour these unreliable ones. Although they're new and, let's say, they work on Windows 7 — it doesn't matter. This group are running old exploits and they have a lot of exploits for Windows XP. That's why for this particular group, the Windows XP infection rate is hot.

"Windows 7 and 8 have more security mechanisms built into the operating system. I'm not saying they're not exploitable, but the exploits for Windows 7 and 8 are more complicated and require more steps than XP. But I certainly don't think that because Microsoft is not supporting XP, people have stopped trying to fuzz XP and find new exploits. I don't see why that would be the case."
