Rootkits and other stealthy threats have significantly changed the threat landscape with their ability to evade traditional security measures. Find out how to prevent these threats from entering your systems with an integrated solution from Intel and McAfee that delivers embedded security beyond the operating system.
3. A Closer Look at Rootkits
1,200 Detected Daily; 110,000 per Quarter*
Designed to evade traditional OS-based security
Software to provide privileged access while hiding
Designed to avoid detection (“slow and low”)
Used in advanced persistent threats (APTs) to steal data
Kernel-mode rootkits are most difficult to detect
*Source: McAfee Labs (Q1 2012).
4. Stuxnet: What You Need to Know
Stuxnet created a new blueprint—or even a benchmark—for hackers targeting specific computing systems and stealing data
Designed to disrupt industrial control systems within Iranian nuclear programs
Essentially redefined stealth technique by using a unique combination of zero-day vulnerabilities, rootkits, and stolen digital certificates
Remains one of the most innovative, complex threats that security researchers have been able to dissect publicly
5. Stuxnet in Action
User-mode/kernel-mode rootkits
Hides files
Decrypts and injects code into running processes
Combines with Microsoft* Windows* OS vulnerabilities
Hides and then uses a rootkit specific to programmable logic controllers, not previously seen in the wild
Insulates programmable logic controller with a wrapper
Intercepts calls
Reports that all systems are functioning correctly
Possibly the most complex threat to date
6. Zeus: Commercial Crimeware
Zeus has changed the face of cybercrime with a sophisticated malware toolkit
Operates much like a software development kit (SDK), allowing hackers to create custom malware with kernel-mode rootkits to build a botnet of compromised hosts
Spreads through compromised web sites; drive-by download installs a Trojan without any user action
Hackers can rent or purchase working Zeus botnets
– Initiate spam campaigns
– Launch distributed denial-of-service attacks
– Hunt specific data types
7. Zeus in Action
Embeds Zeus Trojans
E-mail attachments
Corrupt PDF files
Sends spear-phishing e-mails
Extracts specific information
Takes over vulnerable systems
Targets specific user communities
Plants custom Trojans on legitimate sites
Advanced malware tools for the masses: point and click
8. IT Security Must Adapt
IT security must complement a traditional software-only approach to implement security prevention lower in the platform
If the innovation of Stuxnet combines with easy-to-use programming toolkits like Zeus, it becomes a far greater threat to the enterprise
Rootkit methods will continue to shift below the user and kernel levels
Attacks will target the boot, hypervisor, and firmware levels
9. Next-Generation Security from Intel and McAfee
Preventing these stealthy threats from gaining entry into your systems is the most effective solution
The industry’s first proactive security* approach
Combines world-class processor technology with leading security software for an integrated security solution
Designed to help stay ahead of crimeware innovation, from PCs and mobile devices to industrial controls and other intelligent clients
*No computer system can provide absolute security under all conditions. Built-in security features available on select Intel® Core™ processors may require additional software, hardware, services, and/or an Internet connection. Results may vary depending upon configuration. Consult your PC manufacturer for more details.