Prevx CSI Uncovers the Rise of the Rootkits; Research Shows Stealth Malware Evading Traditional Security Products at an Alarming Rate


725,000 PCs and Two Months Later, Prevx CSI Continues to Highlight Major Security Concerns for Consumers and Businesses


Prevx, leaders in Automated Malware Research, today announced that updated statistics collected by its Prevx CSI spotlight a growing concern in both the number of infected PCs and those harboring silent rootkit infections - so-called Stealth Malware - the worst possible form of malicious software. The Prevx CSI Scanner, used on over 725,000 PCs during the past two months, shows that increasing numbers are falling prey to rootkit infections. Rootkits are a major concern because while a user believes his or her computer is "clean" from infection and continues to use it, he or she is exposing more and more information to criminals who can use this type of malware to gather personal information across the web, often as it is being entered. Information is fast becoming the new currency of the cyber criminal, and rootkits are stealing it, often without any trace.

"The rise of the rootkits has begun," commented Jacques Erasmus, Director of Malware Research at Prevx. "Consumers and businesses now have a significant new threat to security and privacy to worry about. Rootkits are often undetectable and extremely difficult to remove. Both detection and removal are well beyond the capabilities of traditional Antivirus, Antispyware and so-called Internet Security Suites."

In October 2007, Prevx launched Prevx CSI, which provides a simple method for users to quickly and easily check their PCs for signs of active spyware and malware. During October, approximately 291,000 users downloaded Prevx CSI from and discovered active spyware or malware on 1 in 6 of all PCs checked.

With around fifteen thousand new users checking their PCs every day using Prevx CSI, more than 725,000 PCs have now run checks with the product. On December 1, 2007, Prevx enhanced Prevx CSI to include powerful rootkit detection and expanded the scope of its active spyware and malware detection capabilities. The result of these changes has been an increase in the number of PCs seen to have one or more active spyware, malware or rootkit programs running on them - from 15.6 percent or 1 in 6 during October 2007, to 22 percent or more than 1 in 5 today.

Rootkits Demystified
Rootkits are a type of stealth malware that is often "dropped" or buried by other computer infections. The buried rootkits then modify the Operating System of the infected PC to hide themselves from both the user and their PC's security products. By doing this, and evading detection, rootkits can gain total power over the PC allowing criminals to remotely monitor, record, modify, steal and transfer any information entered or stored on it.

Once installed, rootkits can disable PC firewalls and traditional security products at will. Many rootkits display no symptoms and are totally undetectable by conventional antivirus and antispyware applications.

Prevx Rootkit Research
The table below shows a comparison of statistics published for October 22, 2007 with those collected through December 9, 2007.

PREVX CSI Computer Infection Statistics - October 22 - December 9

A - Dates
B - New Prevx CSI Users
C - Users with Active Spyware/Malware
D - % Infected of All Users
E - % with Recognized AV/AS Security Installed
F - % Infected with AV/AS Security

A        B          C          D        E      F
10/22    290,647    45,251     15.6%    78%    13.8%
12/09    419,939    92,233     22.0%    77%    18.9%
Total    710,586    137,484    19.3%    77%    17.6%

On Dec 1, 2007, Prevx CSI was enhanced to detect rootkits. Since then 114,891 new users have run Prevx CSI with this feature enabled. 1,678 PCs have been discovered with significant rootkit infections, 1.46 percent or approximately 1 in 70 PCs checked, and almost 15 times higher than the 1 in 1,000 PCs previously estimated by industry experts.

Among the 1,678 rootkit-infected PCs, the following rootkit components were most prevalent:

PREVX Research: Rootkit Component Prevalence

Rootkit         PCs Infected    Component
NDT2.SYS        121             Rootkit.Gen
SROSA.SYS       90              Rootkit part of W32.Beagle.GM
UNPR.SYS        82              Win32.KillAV.Cn
FMTR.SYS        82              Rogue Security Rootkit
INDT2.SYS       78              Rootkit.Gen
RUNTIME2.SYS    72              Rootkit.BI
XPDX.SYS        71              Rustock.B

14 Percent of Businesses Checked Found Rootkit Infections
In the first 9 days of December 2007, 93 companies used the free Business scan feature of Prevx CSI. 68 of these companies had one or more infected PCs and 13 companies, or 14 percent, had one or more PCs with rootkit infections.

"Computer security products are not foolproof. Many PCs may be infected even though users and businesses have up-to-date antivirus and antispyware products," stated Mel Morris, Prevx CEO. "Users often don't realize something is amiss until they run a full antivirus scan of their PCs with updated signatures. Even then, rootkits will often go undetected. Part of the problem is that antivirus scans simply take too long and users just can't be bothered to wait. This is why we created Prevx CSI which takes between one and two minutes to seek out active spyware, malware and rootkits."

Morris added, "Prevx CSI is proving much more usable and effective because it checks PCs very quickly, taking one to two minutes, and unlike conventional antivirus, Prevx CSI is always up-to-date with real-time access to our vast malware research database. Prevx has a strong reputation for detecting new threats quicker than most vendors and Prevx CSI allows users and businesses to easily benefit by adding Prevx CSI as another important layer of security without impacting system performance or affecting their existing security applications."

Prevx urges computer users and businesses, even those who believe their PC is safe, to check their PCs free of charge with Prevx CSI. It now takes less than two minutes to check a PC for active spyware, malware and even rootkit infections. Business users can easily check a whole department in less than one hour. Prevx CSI is available at

About Prevx
Prevx Limited is a privately held business specializing in automated malware research, active spyware and malware detection and remediation and end-point protection technologies for consumers, businesses, Internet Service Providers and Security OEMs. More information about Prevx is available at

Media Contact
Arthur Germain
Principal, Communication Strategy Group for Prevx

