20% of world computers infected with rootkits
Malware researchers at Prevx have highlighted what they are calling a ‘massive growth’ in the number of PCs harboring rootkit infections. More than 725,000 PCs were scanned using the Prevx CSI malware scanner over a two-month period. Of the around 291,000 users who scanned their PCs during October 2007, some form of spyware or malware was found on one in six. Significantly, although rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22% by early December. Rootkits are often ‘dropped’ or buried by other infections. They then modify a PC’s operating system to hide themselves from both the user and any security products installed on the computer. By so doing rootkits can allow criminals to remotely monitor, record, modify, steal and transfer data from the victim’s PC.
Some rootkits are undetectable by conventional antivirus and antispyware applications. A tech-savvy user may believe his or her computer is ‘clean’, and unwittingly pass on increasingly valuable personal and financial data. Since 1 December 2007, 114,891 new users have run Prevx CSI with rootkit-detection features enabled. Of those PCs, 1,678 had what Prevx describes as ‘significant rootkit infections’. That equates to 1.46% or approximately one in 70 systems, which is almost 15 times higher than the one in 1,000 rootkit-infected PCs previously estimated by industry experts. These botnets counting hundreds of thousands of PCs have to work with something, right?
Source: PC World

Comments(121)
so how do we remove these rootkits?
or keep ourselves away from installing them.
Seriously though, I have Spysweeper, Spyware doctor and McAfee Security centre all running on my ‘business’ computer. It slows the heck out of the performance but I always thought better safe than sorry. Does this mean I could still have some nasty trojan keylogger sending my passwords over to Russia? and what else should I do?
@5
You could also die in a car crash, does that stop you driving?
You can only do so much, it’s not worth worrying about.
Not mine, I’m very careful.
In case you don’t remember who I am, you can see my pics at http://www.hungry4u4more.com
@3
If I died in a car crash, yes I’d give up driving.
@5
Lol fair point.
@2
Just download the CSI app from the link if you are bothered.
Anything named CSI is bad in my opinion.
Thanks for the link Martin.
Downloaded their malware detection tool, didn’t find anything =)
I’m sure if you read into Anti-Virus and malware…whatever
You will tie yourself up in knots, have scanners, checkers running every 15 minutes, they will all be better at each other….and all it does is slow your computer down and make you a paranoid psycho…
Just be careful what you download, where you get it from, and don’t worry….Or do !!
Linux is the solution
Martin,
Where did you get this headline from? Where do the 20% come from? Where is it said that 20% of ALL computers* around the world are infected with rootkits?
Sorry to say that but this is just horrible anti-virus propaganda.
I’ve been researching rootkits for years and that number is nothing but a lie. The real percentage should be way below 0.1%.
The press release is just fearmongering imho.
The number of machines infected with rootkits has to be smaller than the number of machines infected with “malware” because rootkits are a subset of malware. So if 20% are infected with rootkits, how many have to be infected with some malware? 50%? 80%? come on…
I would appreciate it if you could do some research and then clear things up here because blindly spreading propaganda is a very dangerous thing.
*: “computers” includes machines like servers, macs, *nix boxes, and a whole lot of others that are rarely infected with rootkits and together form a not insignificant number.
Yeah that’s great, I can’t use it for f(_)ck all, so I can never get a virus.
And I will spend so much time setting it up and messing around, I will smash the piece of sh1t with a hammer.
So yeah, Linux it is then.
@9
Do you have any idea what a rootkit is? Before anyone hears anything virus-like they start shouting “linux is the solution”. Go research more.
yeah, linux is the solution…i like the way none of my games work on it too.
“We base our statistics on that our ‘tool’ Prevx CSI Malware Detector installs a root-kit allowing us full access.”
… but seriously, seems like an OK tool. It’s always impossible to know exactly how effective software like this is, since most of us don’t go around installing rootkits and testing.
Another good tool for finding rootkits and alike is Rootkit Revealer, available from Microsoft:
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
It takes longer to run though and will show all files hidden from the OS. So you’ll see some from various game copy-protection solutions and from Daemon Tools for example.
@10
He says at the bottom it’s from PC World. Maybe if you had a look yourself rather than gobbing off.
http://www.pcworld.com/article/id,140538/article.html
this is only a publicity article for PREVX done by PC World
SecuROM install method creates a null registry key considered (even for some Microsoft products) as a rootkit.
Well… i’m using Kaspersky Internet Security 7… and it has a rootkit scan with three levels of heuristic detection… and i trust Kaspersky. Looks like i’m safe.
@16 You nailed it right on the head.
You could do worse than try Hitman Pro.
http://www.hitmanpro.nl/hitmanpro/
@15
Gobbing off? What are you on about…
Yes, it’s from PC World. Your point being?
Maybe this explains why when coming to rlslog you get redirected to the spyware spam page right off the bat before even hitting the main page.
I know you guys need ads to support your site, but the ads have gone over the edge. Sorry to say I’ll only visit rlslog with adblock plus enabled anymore.
Don’t respect your users, don’t expect them to support you!
@ Stewie:
3 things to criticize then:
1.: what’s the point in copy-pasting articles without even linking to the original?
2.: the original article doesn’t say that 20% of “world computers” are infected with rootkits anywhere
3.: why did Martin leave out some useful parts like “(Ed. Note: another excellent tool for detecting rootkits is an application called IceSword)” and “These stats don’t take into account the fact that users who scan their PCs are more likely to have concerns about infections.”
I didn’t want to rant but post some constructive criticism. Sorry if that sounded a little bit harsh
@22
You were gobbing off, saying “where did you get this release from…blah blah”
The actual article says
“One in Five PCs Infected With Rootkits”
“Significantly, although rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22% by early December.”
So that’s what I’m on about you d1ck.
I’m not saying it’s true, and he’s just saying what’s on the page.
Feel free to come out with more whining.
It shud say>>>>>
20% of malware infected computers in the world are infected with rootkits.
@24
Ok, it’s editing on his part.
But no worse than any other headline grabbing newspaper or the like. So many critics of this site, no wonder they are hard to find, everyone’s a f(_)cking expert.
@24: c’mon man … 1 out of 5 multiply it with 20 and you’ll get that 20 out of 100 which means 20%, now you got it
use Nod 32
@25
Dude, you’re the one whining. Read what I wrote again and you’ll see that I was just kidding… Sorry for thinking so highly of you that I neglected to include [/sarcasm].
that is a really weird statistic …
people who think they have a rootkit infection are more likely to scan their computer…
so it’s pretty obvious that a lot of people who scan actually have a rootkit infection.
if we were to scan all of the computers in the world, this would be a much lower percentage imho
(excuse my english, but i hope you get the picture i’m painting)
@30
Yeah very funny…. I understand sarcasm, but I can’t see any in that post. I think you need to practise more.
@21: Spot on. n00bs who only use facebook or spam and chain mail through their hotmail account and who don’t know a damn thing about real computing. These are the fools that receive and spread infection due to their total lack of knowledge. I’m surprised most of them can even figure out how to boot the machine in the first place.
@ Stewie (post #25)
I am not “Cim” (post #22)
@ dagoshell
I’m not complaining about the number, it’s the “of world computers” vs. “PCs”.
@ Stewie (post #27)
The thing is that this article lets the already misleading original article be even more misleading. Now let’s imagine someone quotes rlslog and does the same, leading to a constant decrease of useful information. Like playing Chinese whispers
@33
We are all nOObs at something, once you get your first job and maybe even a girlfriend, you will understand.
Just cos you are aware of viruses, does not make you all knowing you know…
You will learn …You will learn.
@34
What’s that you said mate. 45% now…Oh my god.
Fair points
@33:
we should make an OS without passwords …
when a user wants to log in, we just check his l33tness by asking a couple of questions:
-what does DDOS stand for ?
-what is a trojan ?
-what does ‘free’ mean ?
if you can’t answer these questions, the computer will go into denial of service to noobs mode
or we could make a webbrowser with the same technology …
no more noobs on the interwebs !
@Cim
“Gobbing off? What are you on about…
Yes, it’s from PC World. Your point being?”
I think what he meant was; the article was in fact an ad for prevx.
@37
Yeah brilliant, but when these nOObs are operating on your heart..or fixing your car.
Your brilliant computer knowledge will be as much use as a chocolate ashtray. It’s only computers, stop getting up your own ar5es.
@9 Linux is only for g.a.y people…
@38
Gitcha, well the whole web is full of adverts, and it must work.
But fair point. How could any of these Anti-Virus companies sell stuff if they didn’t tell us how bad things were, and how good they were.
There’s an advert on TV just now, it’s basically a hand held battery that plugs into the cigarette lighter connection for the battery. Saves having to get a jump start when the battery dies I suppose.
The advert has a woman and two kids sat in a car, at night and in the rain. She gets this thing out and plugs it in, and the car starts and away she goes.
I wonder how many women will buy that, and think it will cure every fault in the car.
Unreal.
@ Stewie
Sorry, I didn’t get the last post (#36). Can you rephrase that?
You were on about chinese whispers..
I made out that I heard 45% instead of 20%…
You have ruined it now
@39
only noobs have hearts! i’ve got an empty space where my heart used to be…
only noobs drive cars! i just order everything i need off the internetz…
chocolate ashtrays are really useful when you have the munchies! i always have the munchies…
it’s not just computers either… noobs should be denied every service known to man.
ah well, i guess i’ll just have to keep dreaming of my perfect world…
(more like ROFLMAOLOLBRBGTFOKTNX – just kidding yo)
Oh sorry, stupid me. Nice and clever joke, didn’t want to ruin it.
Only noobs need to be told when leetpeople are making a funny
I don’t have an anti-virus, software firewall or any spyware checking crap. I prefer speed over superstition.
I’ve been fine for years, just only go on respected websites!
Yeah when you say speed, you mean how fast they will hack into your PC.
I’ve done what you have in the past, but I’ve always had a firewall running. And you can go to a trusted site and still get hacked or download something they are not aware of as being infected.
But it’s your kit, so it’s up to you at the end of the day.
@Nufsed (#38)
I know it’s a “sponsored post” or whatever the correct term is, that’s sort of hard to miss (out of place info and no torrent link).
Was just saying that they base their statistics on their free tool. They obviously have something to gain from having those statistics show rootkits everywhere.
Also why I recommended the Rootkit Revealer. It’s made by Sysinternals which is a trusted company, bought by Microsoft a while back who now hosts all their tools on Microsoft.com. No reason to muck around with tools like this when there are free alternatives from trusted sources?
@Anthony (#47)
You should at least check periodically for various things, like rootkits or suspicious stuff running the background. Does not matter how careful you are, there are so many ways to get infected it can happen to anyone. The only way to be 100% safe is disable your networking and forget about the internets.
just get Linux. Problem Solved
Hi
The only utility I’ve found that will remove rootkits is
http://www.gmer.net/index.php
i never used a anti virus, firewall etc in 3 years. i just scanned it with this pos tool…… result…nothing detected.
conclusion: you all are being had.
The last time I installed my win xp was about a year ago, since then I have no problems with my OS! I scanned my computer with this Prevx CSI tool and it found nothing! I wasn’t surprised though, ’cause I know my computer is a fortress! Nod32, Spybot S&D and Spyware Blaster! Nothing can get through this defence!
It’s recommended that you also put Comodo Firewall for extra protection! All these programs are free except for Nod32
Hope you find this useful!
Idiots get infected with rootkits. I don’t browse stupid sites and use stupid p2p (limewire) stuff, therefore i don’t get infected.
The problem is that people are just dumb.
Well done. That’s why MS kick out security patches for their software.
Oh hold on they don’t make Limewire or stupid sites…
They must just be bored.
@ 50
rootkits come from the unix world…
@ 51
If you are infected with a rootkit, the best thing to do is do a complete reinstall because chances are that there is other stuff on your computer. At least that’s what I’d suggest
PREVX ACTUALLY SAID 1 IN 70 OR 1.46% OF PCS HAVE ROOTKIT INFECTIONS
NOT 1 IN 5 OR 21% (that was for regular infections)
I just read Prevx’s Press Release they never said 1 in 5 or 21% of PCs were infected by rootkits anywhere. The number of PCs infected by rootkits is quoted as follows:
On Dec 1, 2007, Prevx CSI was enhanced to detect rootkits. Since then 114,891 new users have run Prevx CSI with this feature enabled. 1,678 PCs have been discovered with significant rootkit infections, 1.46 percent or approximately 1 in 70 PCs checked, and almost 15 times higher than the 1 in 1,000 PCs previously estimated by industry experts.
ROOTKITS CLEARLY STATED BY PREVX AS
1 IN 70 PCs, NOT 1 IN 5 PCs.
That’s a very believable 1.4%.
The 1 in 5 number or 21% is the number of PCs with regular infections.
Looks like the scaremongering is people trying to twist Prevx’s clear message into something to get themselves traction by mis-quoting and leveraging Prevx’s name.
Mike
@53, blaze, i dont have any of the stuff you have, and i run xp home.-…. scan found nothing too. so who is superstitious here?
if you are not a r3tard, you can have xp and be safe, stable and fast.
blaze is a spastic
How is this tech news anyway? It’s more like marketing.
been over a year since i formatted. i don’t run any firewall or virus tools. once in a while i scan with adaware but it rarely comes up with anything of interest. i only take action when it’s too late u might say. if i detect my machine is getting slower i investigate and solve the problem, and life goes on.
i think it’s ridiculous to spend crazy amounts on processing power and fast broadband, just to see it getting eaten by virus scanners and firewalls. i jumped off that wagon about 2 years ago and even though i download pretty much everything i see… lol, “i’m very curious”, i never seem to have a problem.
i even got static ip. so it’s not like i’m making it hard for anyone to abuse my system, guess i’m just not that interesting!!
I got a rootkit while playing Halo 3 (most awesome game ever)
All you leet’s out there…keep in mind….YOU WERE ALL NOOBS AT ONE TIME…..maybe you should have stayed off your pc’s….Oh wait…then you would never learn a thing would you. Course back then you didn’t have leet aholes always flaming someone for wanting to learn…..
SO F(_)CKING GROW UP AND MAYBE HELP THE NOOBS INSTEAD OF BEING SUCH SMARTASSES!!!!!!!!!!!!!!!!!1
hoIo 3 IS a rootkit.
onetimenoob….yeah but nowadays with google you cant be ignorant and expect to be massaged your b@lls.
@65
Google is a search engine for the best part.
And you can only search for what you know about. If you dont know, then how the f(_)ck do you search…
Leave nOObs alone…
You are obviously a nOOb at english…so STFU
So are there more computers infected with rootkits than the number of copies sold of Halo 3?
Halo 3…
Mmmmm…that will be the best game ever, ever…till the next one.
Oh to be 10 again.
they mark http://www.nirsoft.net/ as all the spyware detectors.
not cracker, hacker. hack into the system, crack copy protection.
I am keeping several trojan, virus, rootkit and keylogger in my computer where I download and share torrent , just in case the RIAA comes knocking at the door, I have proof to tell them that my computer is being hijacked.
csi didnt detect anything on my unprotected pos pc.
only run spyware doctor once in a while to get rid of some tracking/adware cookies (csi didnt do anything about those btw) .. or whenever i know i shouldnt start some fishy download.. but want to run it anyway ^^
didnt buy decent hardware just to make it run slower with security background tasks.
Some free utilities to remove rootkits:
already mentioned is GMER.
IceSword: http://antirootkit.com/software/IceSword.htm
Hook Analyzer: http://www.resplendence.com/hookanalyzer
Instructions to remove rootkits with IceSword:
http://www.castlecops.com/t165203-IceSword_Instructions_in_English_Illustrated.html
Calling bogus on their numbers based on my own scan using their tool. It detected my HighPoint RocketRAID program as a Rootkit, which it might very well be, but it’s needed otherwise I lose some of my storage drives. So who knows how many of their rootkits are those that are needed for a legit use, like an addon SATA RAID card.
OMG OMG OMG!!! I ONLY HAVE NORMAN AND I THINK MY COMPUTERS MAY BE INFECTED WITH EVIL INTERNETS PIRATES VIRUSESES!!! WILL THIS APPLICATION HELP ME OR HAVE THEY ALREADY STOLEN ALL MY MONEY?!! COULD SOMEONE THATS NOT INFECTED CHECK MY BANK-ACCOUNT FOR ME?!! PLEASE HELP!!! THEYRE WATCHING!!!
Ummm… yeah… 20% sounds about right.
Hope you guys buy something proper for the money yeah. ;P
@70 =))

good one
@9 qwerty you’re such a noob… lol
I’ve been using Prevx2.0 for a while now, it’s solid.
stewie, obviously you are the noob if you dont even know how to search about a topic on google. these noobs come ask questions about specific stuff, but they couldnt type those few words in google?
noobs have no excuses, they are all lazy and conceided, who expect others to do all the work for them.
@81
As I said before, you are a nOOb at English. Remember and do a search against the words you are trying to spell.
conceided is not a word, and if you mean conceited, well that means
“Holding or characterized by an unduly high opinion of oneself; vain.”
I think that refers to people like you, not nOObs.
So blow it out your bottom you d1ck…:)
@81, mac living with his mom
We were all n00bs once. So get off your high horse and show them the way instead of being so condescending and smug, tospot
Wow you seem to be real good at talking about all the a$$ stuff.
You are definitely not a n00b at that.
Well Done. I can see you are a 10 yr old non nOOb. Enjoy cuddling up to your Mom tonight, at least she loves you.
Im sure you will be another one of these Lone Gunman with lots of guns at your school, wear your Long Leather Matrix coat,it makes you look like Neo.
Remember…you will be famous….Id1ot
Why would I need pen15 surgery for mens fashion.
Have people touched you. Im sorry.
Ok you win.
You are excellent. Party on Dude.
you got pretty crazy man…cut it out
at the end of the day every firewall / antivirus / whatever security measure is USELESS
hackers use ports that have been opened in your firewall (eg. webserver, ftp server)… they only use these ports because that is the only thing on your computer that is vulnerable and that they have exploits for
so a firewall doesnt really help us at all
(thank god a firewall does more … like when somebody is scanning your host for open ports, the firewall blocks traffic to that user so he doesnt even find the weak spots…
hackers solve this by only scanning on 1 port – the port that the latest exploit needs – but they scan every pc in the world – without the FBI IP ranges ofcourse ^^)
once their exploit was successful they have a remote shell on your computer …
what do you think the first thing is they do?
that’s right, they turn off the antivirus and firewall …
so an antivirus can only protect you from yourself (like when you download a virus because you think it is p0rn)
so right about now there is nothing protecting your computer…
insert rootkit – you got pwned
every smart hacker has scanned his rootkit with almost every antivirus / rootkitdetector out there…
every time their rootkit is detected, they just rewrite the code and they have a new undetectable rootkit again…
same thing with viruses, your antivirus will not detect 99.9% of the viruses that are currently being used …
once a virus becomes detectable, hackers stop using it or change the code…
once an exploit has been made public, the vulnerable software will be updated as well, so the exploit becomes worthless…
it’s a neverending battle … but thats the origin of evolution right ;P
and the title of this article should read : “20% of all scanned PCs have rootkits” … it’s not like they scanned every pc on the planet
nuff taught
oh right, the solution to this problem:
in the future you can just choose which botnet you want to belong to…
and as a return, the owner of the botnet will protect you from evil doers ^^
(the botnets do not have to be hostile, we could all just help cure cancer and not worry about a thing)
100th Post
Right this is a lot of b0LL0x now. Lets stop it now.
We have worked out you dont need anything. Its all a conspiracy. Enjoy your calculator.
100th comment! woot! woot!
Is this better than Halo 3?
Damn you stewie!
I pwned you…
And yes it was better than Halo 3 and COD 4.
Get it up ye …
Whether the stats are right or w/e, I wouldn’t mind having the best scanner on the internet so I can do a quick scan before I ever need to send any critical information
well the free test just got a false positive from a keygen on my desktop, so i would say the stats are a load of bollox. 20%+ is gibberish and false advertising.
/netstop nameoftheantivirus
@105
what gave you the conclusion that the keygen isnt infected?
cos he is l33t.
He aint stoopied to get Virus man. He keep windows and door shut.
Nobody getting in that muderf00ker.
http://www.youtube.com/watch?v=VI3TA8NK184
Video on how to scam bux . To
Easy, make money in minutes!
I really hope you having fun there talking to yourself there under the names Kraken thrashie and even trying to use my name too bad mine has a real staff picture next to it
my bad not thrashie under Hirohito
lol not when you have a ban
wow we might just lose one person who keeps spamming under the same ip with different names 81.155.***.**
@95, cuz kaspersky and nod32 said it wasnt
20% is wrong! It’s gacilion gacilion procent!
F0cking propaganda, and the idiots buy into it.
Yes dudes, the hackers really want your p0rn – they really need a rootkit on your machine.
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
RootkitRevealer is an advanced rootkit detection utility. Free!! Free!!
I just checked my system for rootkits yesterday with UnHackMe program and it didnt find anything. My anti-virus also and anti-rootkit enabled.. the problem is the rootkits that are invisible to all rootkits.. until the anti-rootkit technology gets better I think rootkits percentage is probably 99 percent.
Rootkit Revealer showed that I have some but how do I remove them?
I ask men to rootkit my nipples.
PcWorld is a pretty good site/magazine, but they MOST DEFINITELY write “articles” that promote a certain product, most like advertisements really. A good example is this year’s best Anti Spyware products: PCTools Spyware Doctor. This program has NEVER been even half as good as counterspy, webroot, or even AVG’s antispyware, and PCTools has been a major advertiser for PCWorld for many years. Now they’re pushing Prevx, which until today I had never heard of, and I keep up with this stuff. It’s just advertising, nothing more. Scaremongering advertising.
Just use Comodo firewall Pro with Defense+ and maybe counterspy or spysweeper, even AVG for extra backup.
I ran their proggy and it says I’m clean, there is only so much you can do. The so much is called common sense. Anything less and well bye bye your PC.
I hate commercials
could somebody tell me what a noob is please, oh and whats a rootkit too?
^^^^noob
lol, my current antivirus flagged the anti malware scanner for installing a trojan (not correct i bet)
Well, I tried to scan my system, but Windows 98 isn’t supported. I guess that means that I’m safe from rootkits, since if I wasn’t, surely they wouldn’t ignore people like me just because we use an older OS…
20%? Where did that figure come from, I see no proof of that!
thanx for the news… scanned my comp… despite having an av and fw in place i got that root kit… will clean with the links above
I got vista 64 bit, can i get rootkits still with all that driver signing malarky, and is there a rootkit detector that works with 64 bit OS, coz rootkit detector and icesword dont, hmmmmmmmmmm i wonder
We don’t need anti-virus, we need vaccines…
I ran that ice sword program and it nearly destroyed my computer, had to repair windows with the xp CD. the other prog hook analyser only brought up one hook and it was daemon tools. this rootkit stuff a load of bs
This software is a virus in itself! installed it on 3 machines at work and now JUST those 3 machines are infected with Worm.Win32.Huhk.c _ Kaspersky AVP picked it up the morning after installing CSI.
RLSLOG can expect a letter from my lawyers over this crap…
DO NOT DOWNLOAD THIS SOFTWARE!!!
Man half these nerds apparently don’t realize that not everyone is as much into computers as them and are not as familiar with them, just because your lives revolve around a computer doesn’t mean that just because X person uses them, that he will be familiar with it and know all ins and out, its not that simple, if you weren’t so ignorant you’d understand that that applies to most things in life as well, from cars, your health and what not… we are all *noobs* at a lot of things so don’t go bashing people, its annoying and makes you look like an idiot. Besides even I get careless sometimes with computers, I have 2 Av, configured my router to block all macs etc… and firewalls and know if a hacker had enough time and was skilled enough he could probably get access to my files, lets see where your l33tnez goes if that happens..