

Kaspersky accuses McAfee of crying wolf over Shady RAT

18 Aug 2011

Eugene Kaspersky is chief executive of Kaspersky Lab

Kaspersky Lab founder Eugene Kaspersky has taken to the web to have a pop at rival McAfee's recent Operation Shady RAT revelations, claiming that many of the report's conclusions are unfounded and that the firm is being deliberately alarmist.

The report detailed a large-scale and long-term hacking attack spanning 14 countries and compromising 72 organisations, including the United Nations, defence contractors and even Olympic committees, over a five-year period.

The attackers, who many believe to have links with the Chinese authorities, are said to have begun with a standard spear phishing email sent to someone with appropriate access rights in a company.

The malware is then said to have initiated a backdoor communication channel to the command-and-control web server.

"This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organisation to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for," said McAfee vice president of threat research Dmitri Alperovitch.

However, in a strongly worded blog post, Kaspersky argued that most commercially available anti-virus software can block the malware involved in the Shady RAT attacks.

He added that the hackers did not reveal any advanced or previously unknown technologies for hiding in systems undetected, nor any encryption to protect traffic between servers and infected machines or anti-virus disabling functionality, thus emphasising the low level of sophistication involved.

This also indicates that the attack was probably not state sponsored, according to Kaspersky.

"On the black market the Shady RAT malware would be valued at not much more than $200. Even if an 'evil' state were to decide to launch a targeted attack, it could buy much more sophisticated malware for just $2,000 to $3,000," he added.

"And most certainly the 'evil' state wouldn't use the same command-and-control server for five years, and then keep it operating after it was revealed in the world media that it had been exposed, allowing security researchers to conduct in-depth analysis of the botnet."

Kaspersky argued that threats such as Zeus, Conficker, Bredolab and Stuxnet all pose far greater risks to organisations than Shady RAT and, most damning of all, accused McAfee of "crying wolf".

"Regarding Shady RAT, the IT security industry did know about this botnet, but decided not to ring any alarm bells due to its very low proliferation, as confirmed by our cloud-based cyber threat monitoring system and by other security vendors. It has never been on the list of the most widespread threats," said Kaspersky.

"For years now the industry has adopted the simple and helpful rule of not crying wolf."

Kaspersky's attack is all the more astonishing given that security vendors are usually pulling in the same direction, if not necessarily always on friendly terms then certainly mindful that they're all fighting the same enemy.

Will this be the start of similar outspoken missives from the big guns in the security space? It will certainly make things a bit more interesting.

Phil Muncaster
About

Phil Muncaster is news editor at V3.co.uk, a role he has fulfilled since January 2010. Previously he was chief reporter for IT Week, having also worked as a reporter and senior reporter on the publication from 2005.

Before IT Week, Phil worked as a researcher for the Rough Guide. Prior to his work in journalism, Phil spent three years teaching English in Japan.

 

 
