Number 279 - August 2006

McAfee AVERT Labs Points To Increasing Prevalence Of
Stealth Technology In Malware (Rootkits)

Findings Suggest Online Collaboration Sites and Blogs Contribute to the Increased Proliferation and Complexity of Rootkits


   SANTA CLARA, Calif., - April 17, 2006 - McAfee, Inc. (NYSE: MFE), the global leader in Intrusion Prevention and Security Risk Management, today announced research study results from McAfee® AVERT® Labs that demonstrate that the use of stealth technologies to conceal both malware and commercially viable Potentially Unwanted Programs (PUPs) is on the rise. In the last three years alone, the incident rate of stealth technology has increased by more than 600 percent. McAfee considers malicious programs using stealth technology to be rootkits, distinct from commercial applications that use stealth technology.

   McAfee believes the sudden rise of stealth technologies may be attributable to online collaborative research efforts using Web sites that contain hundreds of lines of rootkit code, available for recompiling, adapting, and improving, along with rootkit binary executables. With the availability of rootkit code and stealth creation kits, malware authors can more easily hide processes, files, and registry keys, without detailed knowledge of the target Operating System.  Stealth technologies’ power and versatility have driven their spread into nearly every known form of malware.  Their popularity has grown beyond malware and into mainstream commercial software with some security software vendors and consumer electronics firms recently being ‘outed’ for using stealth technologies in their products.

   Key research findings include:
   
  • From 2000 to 2005, rootkit complexity grew by more than 400 percent, and year-over-year, Q1 2005 to 2006, complexity has grown by more than 900 percent

  • The share of Linux-based techniques has gone from a high of roughly 71 percent of all malware stealth components in 2001 to a negligible number in 2005, while the number of Windows-based stealth components has increased 2,300 percent in the same time period

  • The "open-source" environment, along with online collaboration sites and blogs, is largely to blame for the increased proliferation and complexity of rootkits


       "Clearly we are seeing that stealth technologies and rootkits specifically are increasing at an alarming rate," said Stuart McClure, senior vice president, global threats at McAfee. "This trend in malware evolution is creating hardier and ever more virulent strains of malware that will continue to threaten businesses and consumers alike."

       The McAfee AVERT Labs research also highlighted several factors behind the increases in both rootkit adoption and diversity, the motivation driving rootkit writers, and the technological trends that will shape the future of rootkits.

       This is the first in a series of whitepapers focused on stealth technologies and rootkits. For a copy of the McAfee AVERT LABS' research please visit:

    About McAfee AVERT Labs
       McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in sixteen countries around the globe. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise.

    About McAfee, Inc.
       McAfee, Inc., headquartered in Santa Clara, California, and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security.