Softpedia
 


May 24th, 2010, 14:15 GMT · By

Windows 7 Almost Immune to the Alureon Rootkit

Windows 7 is almost immune to a piece of malware that has proven a real nightmare to users running older versions of the Windows client. Windows XP SP3 customers in particular have been hit extremely hard by Alureon, a rootkit that failed to play nice with a Windows kernel update and ended up rendering infected PCs unbootable earlier this year. Microsoft’s Malicious Software Removal Tool cleaned no fewer than 356,959 Windows computers infected with Alureon, with the Redmond company pointing out that the statistics are associated exclusively with the May release of MSRT. Out of all the machines cleaned by the software giant’s free security tool, only 3.5% were running Windows 7.

In this context, Alureon shows just how unsafe older versions of Windows are, as XP SP3 PCs account for the bulk of infections, no less than 64.8%. The runner-up is XP SP2 with 13.6%, followed by Vista SP2 with 7.3%, Vista RTM with 6.9% and Vista SP2 with 3.8%. Combined, machines running XP SP2 and SP3 make up 78.4% of all the Windows computers compromised by the rootkit. At this point in time, Virus:Win32/Alureon.H is the most prevalent flavor of the rootkit, having been cleaned from 155,394 PCs, Vishal Kapoor and Joe Johnson, from the Microsoft Malware Protection Center, note.

[Figure: Alureon detections]
“The new .H variant is the most prominent in terms of prevalence. There were several changes to the design of the rootkit to avoid detection and cleaning, revealing that the rootkit is still under active development and distribution. One of the notable changes was to infect arbitrary system drivers instead of only the hooked miniport driver. Expectedly, this can have negative side effects on the machine depending on the chosen driver. For example, we’ve seen some machines having their keyboard disabled as a result of an infection. On other machines, Windows XP unexpectedly requests reactivation because the infection appears like a significant hardware change,” Johnson reveals.

[Figure: Alureon detections by variant]
The Redmond company indicates that the authors of Alureon are working to upgrade older versions of the rootkit to the most recent builds, which are better equipped to dodge antivirus products. The April version of the MSRT cleaned Alureon from 262,969 machines, namely 37% less compared with May. As far as the MSRT May malware families go, Alureon has climbed to the first spot, the software giant notes.

“Continuing the trend from last month, more than three-quarters of the infections occur on machines running Windows XP. This is likely due to better security in the later versions of the Microsoft Windows operating systems. The dominance of XP SP3 can be attributed to the combination of the above in conjunction with its high prevalence of use,” Johnson adds.

Microsoft’s Malicious Software Removal Tool is available for download here.

READER COMMENTS:


Comment #1 by: The Computer Factory on 24 May 2010, 17:08 UTC

Your conclusion that Win XP is more vulnerable than Win 7 based on percentages of infections cleaned by MS is invalid. First, since only 12% of PCs with MS operating systems have Win 7 and over 65% have Win XP the percentages are not significant, particularly in the light of the fact that all Win 7 PCs were less than 6 months old and likely equipped with the latest versions of malware defense software plus the latest versions of the common virus vectors from third parties like Apple and Adobe.

While Microsoft needs all the "fanboys" it can get, don't go Ziff-Davis on us.

P Van Middlesworth
President Rainforest Industries


Comment #2 by: Windows20 on 25 May 2010, 08:59 UTC

This report has shown that Windows XP is more vulnerable than Windows 7. Windows 7 contains many security features. It looks like even the latest internet security software in Windows XP can't stop this kind of attack. This proves how unsafe older operating systems are. Windows XP was released in 2001. Windows 7 was released in 2009. Those two years are a big difference. This is how many improvements to security were made to Windows 7. It's scary to hear that the keyboard was disabled. Good thing that there is a free tool to get rid of the virus. It's time to catch those virus writers and send them to jail for messing up people's computers.


Comment #3 by: WindowsLover on 27 May 2010, 13:50 UTC

I totally disagree with the conclusion that Win7 is "safer" because there are fewer machines infected.
In fact, the infected (or cured) distribution only shows, and agrees with, the distribution of OS to that date.
If, and only if, the infected number of Win7 is zero, then the conclusion is reasonable. (I don't want to use the word safer, because one particular kind of infection doesn't mean all)

And I also disagree with the point that XP being released many years ago means it is full of security holes. In fact, as the distribution agrees with installed vs infected (of XP & 7), I can say that Win7, with its 8 years of advanced technique, is more or less at the same security level as WinXP+Anti-virus software.


Comment #4 by: chris price on 09 Jun 2010, 20:29 UTC

Prove to me YOU'RE not a Bot..

"the authors of Alureon are working to upgrade older versions of the rootkit to the most recent builds, which are better equipped to dodge antivirus products. The April version of the MSRT cleaned Alureon from 262,969 machines, namely 37% less compared with May. As far as the MSRT May malware families go, Alureon has climbed to the first spot,"

Please devote some time to exposing who's building this marketing research tool and furthermore who's buying it. In many discussions among IT pros I find a remarkable absence of any ethics. I think that bears more public exposure and discussion.
