Study: Rootkits target pirated copies of Windows XP

Study: Rootkits target pirated copies of Windows XP

Summary: During the six month study, researchers from Avast have sampled 630, 000 Windows rootkits, to find out that 74% of infections originated from illegal copies of Windows XP.

SHARE:

During the six month study, researchers from Avast have sampled 630, 000 Windows rootkits, to find out that the majority have infected pirated copies of Windows XP.

According to the study, 74% of infections originated from Windows XP machines, compared to 17% for Vista and only 12% from Windows 7 machines. The study also found that rootkits infecting via the MBR were responsible for over 62% all rootkit infections.  Driver infections made up only 27% of the total. The clear leader in rootkit infection were the Alureon(TDL4/TDL3) family, responsible for 74% of infections.

With millions of PCs behind the WGA (Windows Genuine Advantage) wall, the number of infections is prone to increase. Not surprisingly, the researchers contribute the limited number of infections affecting Windows 7 to the availability of UAC, Patchguard and Driver Signing in the latest Windows versions.

Topics: Software, Microsoft, Operating Systems, Security, Windows

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

18 comments
Log in or register to join the discussion
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    "avast! users with an Windows OS"

    I know Avast is not from US or UK, but please they should get somebody who writes better English for their published documents and graphs.
    statuskwo5
    • RE: Study: 75% of rootkits hit pirated copies of Windows XP

      @statuskwo5 - Why? They want cheap labor. Not good labor.
      HypnoToad72
      • RE: Study: 75% of rootkits hit pirated copies of Windows XP

        @HypnoToad72
        Much as I like the English language, I would still prefer their computer languages be up to snuff before their English. I'm quite willing to forgive a small typo.

        BTW, how many languages do you guys speak? That is, besides "English".
        PercySludge
  • What is this graph telling us?

    It appears to be showing us that Avast! users have lower infection rates than non-Avast! (no A/V?) users. If that's the case slightly below 50% (Windows XP) and more (Vista and Windows 7) is lousy performance.
    ye
    • RE: Study: 75% of rootkits hit pirated copies of Windows XP

      scratch that... I read it wrong.
      Badgered
    • pretty simple really

      @ye .. dump any Avast products like a bad habit. This is blatant advertising for Avast .. nothing more and nothing less.<br><br>What's more, just another reason to not trust anti-virus vendors, who simply peddle false hope to the masses. <br><br>You know, i liken anti-virus software to placebos - the only security granted is in the imagination of the end-user.
      thx-1138_
      • RE: Study: 75% of rootkits hit pirated copies of Windows XP

        @thx-1138_@...

        I agree with 2/3 of what you said, but not the placebo analogy. I've spent way too many hours cleaning up after family members who were not using any anti-virus. Some really nasty stuff. I've been using AVG free for years and have never had an infection. Coincidence perhaps or better click choices on my part than others.
        jimrharrison
    • RE: Study: 75% of rootkits hit pirated copies of Windows XP

      @ye It tells us that 73.68% of statics are fake. Also, if you install linux on your extended family's virus-ridden XP machines, they will not call you again unless they need to borrow something.
      james.vandamme
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    <I>Rootkits target pirated copies of Windows XP</I>

    This needs no explanation, really.
    The one and only, Cylon Centurion
    • RE: Study: 75% of rootkits hit pirated copies of Windows XP

      @Cylon Centurion I know, I was like... Wait, you mean that people who pirate software suffer more infections than people who don't? This was apparently a huge finding for Dr Obvious!
      slickjim
    • thanks..

      @Cylon Centurion
      I liked..
      <div style="display:none;"> <a href="http://www.kelebek.gen.tr/" title="kelebek">kelebek</a> </div>
      keyness
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    Windows XP <B>IS</B> a rootkit infection. ;)
    The one and only, Cylon Centurion
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    So that is it.
    On a win 7 here but..
    My other win XP puter has never had any problems ever. Still does not. Actually I have a win98 one running some programs, both are on DSL and have never had any problems.
    MoeFugger
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    So I'm wondering here: With such a high-rate of infection amongst illegal XP installations, was this due to someone intentionally infecting XP, then providing it free/low-cost, with the intention of using the victims' systems for a botnet, etc ?
    gregebert
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    I read the article you linked, which isn't by Avast at all so I'm not sure why it was linked in the first place, and no where in that article does it explain how it determined that the malware was on pirated versions of Windows. How are they able to tell that they are using a pirated version of Windows, other than the point of the auto updates being turned off?

    This article, and the linked one, are making seriously flawed assumptions based on absolutely no evidence whatsoever.
    BrewmanNH
    • This is a blog

      @BrewmanNH

      This is a blog, not journalism. You shouldn't expect accuracy.
      cwallen19803@...
    • RE: Study: 75% of rootkits hit pirated copies of Windows XP

      @BrewmanNH Well, I guess that's a signal to ignore anything this Danchev guy writes, in addition to Dignan. Next!
      PacoBell
  • RE: Study: 75% of rootkits hit pirated copies of Windows XP

    Why don't you use a Mac or Linux and sleep well at night!
    BTW don't forget Win XP was born almost 10 yrs ago!
    The most interesting is the infections on Win 7!
    Also on my opinion Avast is good enough for its money (free)
    gmartos2001@...