Avast reports that Windows XP remains a fertile source of security infections

The Avast virus lab says it has identified unpatched, and often pirated, versions of Windows XP in circulation, allowing hackers to stage rootkit attacks on their users.

The problem with these pirated versions of WinXP, Infosecurity notes, is that Microsoft - understandably - does not normally allow the operating system to be updated.

According to Avast, data from its six-month study catalogued over 630,000 samples and found that 74% of infections originated from Windows XP machines, compared to 17% for Vista and just 12% from Windows 7 machines.

Whilst WinXP may be old, the East European IT security vendor notes that it is still the most common operating system around the world, with 49% of Avast antivirus users having installed the software on their computers compared to 38% with Windows 7 and 13% with Vista.

Avast says that rootkits actively hide their presence from administrators by subverting standard operating system functionality or other applications as they access software and data.

Przemyslaw Gmerek, an Avast expert on rootkits and lead researcher with the firm, says that one issue with Windows XP is the high number of pirated versions.

This means, he adds, that users are often unable to properly update their machines because the operating system cannot be validated by the Microsoft update system.

"Because of the way they attack - and stay concealed - deep in the operating system, rootkits are a perfect weapon for stealing private data", he explained.

Newer operating systems like Windows 7, he says, are more resilient to rootkits - but not immune from the problem. This is thanks to innovations like UAC, PatchGuard and driver signing, which help to raise system security without making it foolproof.

Against this backdrop, the Avast security researcher reports that cybercriminals are continuing to fine-tune their attack strategies with the Master Boot Record (MBR) remaining their favourite target for even the newest TDL4 rootkit variants.

According to Gmerek, the study found that rootkits infecting via the MBR were responsible for over 62% of all rootkit infections.

Driver infections, meanwhile, made up only 27% of the total, with the clear leader in rootkit infections being the Alureon (TDL4/TDL3) family, which was found to be responsible for 74% of infections.
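Because MBR bootkits such as the TDL4 variants mentioned above replace the boot code in sector 0 while leaving the partition table intact so the machine still boots, a simple defensive check is to baseline the first 446 bytes of the MBR and alert when they change. The following script is an added example written for this article; it is not Avast's tooling and is not drawn from the study. It parses a 512-byte MBR image, validates the 0x55AA signature, extracts the partition table and compares a SHA-256 of the boot-code region against a stored baseline. The two MBR images it checks are constructed inline (the boot-code bytes are arbitrary filler, not real boot code), and `read_mbr_from_device` shows where a real image would come from on a Linux host.

```python
import hashlib
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # boot code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16      # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 on a valid MBR
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR image (constructed test data, not a disk dump)."""
    code = boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
    # One bootable NTFS (type 0x07) partition starting at LBA 2048, 1 GiB long.
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 2097152)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return code + table + BOOT_SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Split a raw MBR into signature check, boot-code hash and partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, data[offset:offset + PARTITION_ENTRY_SIZE])
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(data[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_unchanged(data: bytes, baseline_sha256: str) -> bool:
    """True if the boot-code region still matches the recorded baseline hash."""
    return parse_mbr(data)["boot_code_sha256"] == baseline_sha256


def read_mbr_from_device(path: str = "/dev/sda") -> bytes:
    """Read sector 0 from a block device (needs root; hypothetical helper, not run here)."""
    with open(path, "rb") as disk:
        return disk.read(MBR_SIZE)


# Constructed images: the "clean" boot code is arbitrary filler bytes. The
# "altered" image keeps the same partition table and signature but differs in
# the boot-code region, which is what an integrity check must catch.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40)
ALTERED_MBR = b"\x00\x00" + CLEAN_MBR[2:]
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]   # recorded when the host was known-good


if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("altered", ALTERED_MBR)):
        info = parse_mbr(image)
        print(label, "signature_ok=%s" % info["signature_ok"],
              "partitions=%d" % len(info["partitions"]),
              "boot_code_matches_baseline=%s" % boot_code_unchanged(image, BASELINE_SHA256))
```

The baseline hash has to be captured while the host is known-good and stored off the machine, since a rootkit that controls the disk driver can hide its own changes from reads made through the infected OS; reading the sector from boot media is the more trustworthy comparison.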

"People need to keep antivirus software installed and updated - regardless of where they got their operating system", he said, adding that, if they suspect there is an issue, they can scan their computers using a rootkit removal tool.
