Rootkits and other stealthy threats have significantly changed the threat landscape with their ability to evade traditional security measures. Find out how to prevent these threats from entering your systems with an integrated solution from Intel and McAfee that delivers embedded security beyond the operating system.

1. Stealthy Threats
Driving a New Approach to IT Security
Intel and McAfee

2. Pervasive Stealth Techniques
No organization is safe: Threats are at work below the OS
2

3. A Closer Look at Rootkits
1,200 Detected Daily; 110,000 per Quarter*
Designed to evade traditional OS-based security
Software to provide privileged access while hiding
Designed to avoid detection (“slow and low”)
Used in advanced persistent threats (APTs) to steal data
Kernel-mode rootkits are most difficult to detect
3 *Source: McAfee Labs (Q1 2012).

4. Stuxnet: What You Need to Know
Stuxnet created a new blueprint—or even a benchmark—for
hackers targeting specific computing systems and stealing data
 Designed to disrupt industrial control systems within Iranian
nuclear programs
 Essentially redefined stealth technique by using a unique
combination of zero-day vulnerabilities, rootkits, and stolen
digital certificates
 Remains one of the most innovative, complex threats that
security researchers have been able to dissect publicly
4

5. Stuxnet in Action
User-mode/kernel-mode rootkits
 Hides files
 Decrypts and injects code into running processes
Possibly
Combines with Microsoft* the most
Windows* OS vulnerabilities complex
 Hides and then uses a rootkit specific to programmable
logic controllers, not previously seen in the wild threat
to date
Insulates programmable logic
controller with a wrapper
 Intercepts calls
 Reports that all systems are functioning correctly
5

6. Zeus: Commercial Crimeware
Zeus has changed the face of cybercrime with a sophisticated
malware toolkit
 Operates much like a software development kit (SDK),
allowing hackers to create custom malware with kernel-mode
rootkits to build a botnet of compromised hosts
 Spreads through compromised web sites; drive-by download
installs a Trojan without any user action
 Hackers can rent or purchase working Zeus botnets
– Initiate spam campaigns
– Launch distributed denial-of-service attacks
– Hunt specific data types
6

7. Zeus in Action
Embeds Zeus Trojans
 E-mail attachments
 Corrupt PDF files
Advanced
malware
Sends spear-phishing e-mails tools for
 Extracts specific information
 Takes over vulnerable systems
the masses:
point
and click
Targets specific user communities
 Plants custom Trojans on legitimate sites
7

8. IT Security Must Adapt
IT security must complement a traditional
software-only approach to implement security
prevention lower in the platform
If the innovation of Stuxnet combines with easy-to-use
programming toolkits like Zeus, it becomes a far greater
threat to the enterprise
 Rootkit methods will continue to shift below the user
and kernel levels
 Attacks will target the boot, hypervisor,
and firmware levels
8

9. Next-Generation Security from
Intel and McAfee
Preventing these stealthy threats from gaining entry into your
systems is the most effective solution
The industry’s first proactive security* approach
Combines world-class processor technology with leading security
software for an integrated security solution
Designed to help stay ahead of crimeware innovation, from PCs and
mobile devices to industrial controls and other intelligent clients
*No computer system can provide absolute security under all conditions. Built-in security features available on
9 select Intel® Core™ processors may require additional software, hardware, services, and/or an Internet
connection. Results may vary depending upon configuration. Consult your PC manufacturer for more details.