AVAST Virus Lab reports Windows XP is significantly more at risk of being hit by a rootkit than Vista and 7:
The AVAST Virus Lab has identified unpatched and often pirated versions of Windows XP as the main vector for rootkit infections. Data from a six-month study catalogued over 630,000 samples and found that 74% of infections originated from Windows XP machines, compared to 17% from Vista and only 12% from Windows 7 machines.
While Windows XP may be old, it is still the most common operating system around the globe with 49% of avast! antivirus users having it on their computers compared to the 38% with Windows 7 and the 13% with Vista.
Rootkits actively hide their presence from administrators by subverting standard operating system functionality, or other applications, as they access software and data.
“One issue with Windows XP is the high number of pirated versions, especially as users are often unable to properly update them because the software can’t be validated by Microsoft Update,” said Przemyslaw Gmerek, the AVAST expert on rootkits and lead researcher. “Because of the way they attack – and stay concealed – deep in the operating system, rootkits are a perfect weapon for stealing private data.”
More recent operating systems like Windows 7 are more resilient to rootkits - but not immune. The inclusion of protections like UAC, PatchGuard and driver signing in the latest Windows versions has helped, but has not provided fail-proof security. Cybercriminals are continuing to fine-tune their attack strategy, with the Master Boot Record (MBR) remaining their favorite target, even for the newest TDL4 rootkit variants.
The study found that rootkits infecting via the MBR were responsible for over 62% of all rootkit infections. Driver infections made up only 27% of the total. The clear leader among rootkit families was Alureon (TDL4/TDL3), responsible for 74% of infections.
“People need to keep antivirus software installed and updated – regardless of where they got their operating system,” pointed out Mr. Gmerek. “And, if they suspect there is an issue, they can scan their computers with a rootkit removal tool such as aswMBR.”