Zero Day

Ryan Naraine and Dancho Danchev

Study: Rootkits target pirated copies of Windows XP

By Dancho Danchev | August 5, 2011, 8:00am PDT

Summary: During the six month study, researchers from Avast have sampled 630, 000 Windows rootkits, to find out that 74% of infections originated from illegal copies of Windows XP.

During the six month study, researchers from Avast have sampled 630, 000 Windows rootkits, to find out that the majority have infected pirated copies of Windows XP.

According to the study, 74% of infections originated from Windows XP machines, compared to 17% for Vista and only 12% from Windows 7 machines. The study also found that rootkits infecting via the MBR were responsible for over 62% all rootkit infections. Driver infections made up only 27% of the total. The clear leader in rootkit infection were the Alureon(TDL4/TDL3) family, responsible for 74% of infections.

With millions of PCs behind the WGA (Windows Genuine Advantage) wall, the number of infections is prone to increase. Not surprisingly, the researchers contribute the limited number of infections affecting Windows 7 to the availability of UAC, Patchguard and Driver Signing in the latest Windows versions.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Patch Tuesday heads-up: Critical IE update among 13 bulletins

'Breaking: Lady Gaga Found Dead in Hotel Room' scam spreading on Facebook

Topics

Rootkits, Microsoft Windows, Microsoft Windows XP, Operating Systems, Security, Spyware, Adware & Malware, Software, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Talkback Most Recent of 19 Talkback(s)

Follow via:: RSS; Email Alert

RE: Study: 75% of rootkits hit pirated copies of Windows XP

"avast! users with an Windows OS"

I know Avast is not from US or UK, but please they should get somebody who writes better English for their published documents and graphs.
statuskwo5
5th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

@statuskwo5 - Why? They want cheap labor. Not good labor.
HypnoToad72
6th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

I just paid $22.87 for an iPad2-64GB and my girlfriend loves her Panasonic Lumix GF 1 Camera that we got for $38.76 there arriving tomorrow by UPS. I will never pay such expensive retail prices in stores again. Especially when I also sold a 40 inch LED TV to my boss for $675 which only cost me $62.81 to buy. Here is the website we use to get it all from, BidsOut.com
HaneyChris
7th Aug
- Flagged
RE: Study: 75% of rootkits hit pirated copies of Windows XP

@HypnoToad72
Much as I like the English language, I would still prefer their computer languages be up to snuff before their English. I'm quite willing to forgive a small typo.

BTW, how many languages do you guys speak? That is, besides "English".
PercySludge
8th Aug
- Flag
What is this graph telling us?

It appears to be showing us that Avast! users have lower infection rates than non-Avast! (no A/V?) users. If that's the case slightly below 50% (Windows XP) and more (Vista and Windows 7) is lousy performance.
ye
5th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

scratch that... I read it wrong.
Badgered
5th Aug
- Reply to
- Flag
pretty simple really

@ye .. dump any Avast products like a bad habit. This is blatant advertising for Avast .. nothing more and nothing less.

What's more, just another reason to not trust anti-virus vendors, who simply peddle false hope to the masses.

You know, i liken anti-virus software to placebos - the only security granted is in the imagination of the end-user.
thx-1138_@...
7th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

@thx-1138_@...

I agree with 2/3 of what you said, but not the placebo analogy. I've spent way too many hours cleaning up after family members who were not using any anti-virus. Some really nasty stuff. I've been using AVG free for years and have never had an infection. Coincidence perhaps or better click choices on my part than others.
jimrharrison
8th Aug
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

@ye It tells us that 73.68% of statics are fake. Also, if you install linux on your extended family's virus-ridden XP machines, they will not call you again unless they need to borrow something.
james.vandamme
14th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

Rootkits target pirated copies of Windows XP

This needs no explanation, really.
Cylon Centurion
5th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

@Cylon Centurion I know, I was like... Wait, you mean that people who pirate software suffer more infections than people who don't? This was apparently a huge finding for Dr Obvious!
Peter Perry
6th Aug
- Reply to
- Flag
thanks..

@Cylon Centurion
I liked..
kelebek
keyness
8th Aug
- Reply to
- Flagged
RE: Study: 75% of rootkits hit pirated copies of Windows XP

Windows XP IS a rootkit infection.
Cylon Centurion
5th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

So that is it.
On a win 7 here but..
My other win XP puter has never had any problems ever. Still does not. Actually I have a win98 one running some programs, both are on DSL and have never had any problems.
MoeFugger
5th Aug
- Reply to
- Flag
RE: Study: 75% of rootkits hit pirated copies of Windows XP

So I'm wondering here: With such a high-rate of infection amongst illegal XP installations, was this due to someone intentionally infecting XP, then providing it free/low-cost, with the intention of using the victims' systems for a botnet, etc ?
gregebert
8th Aug
- Reply to
- Flag