Kaspersky maligns McAfee's "shoddy rat"
Two weeks ago, McAfee made headlines with its description of 'Operation Shady Rat', which involved the hacking of and theft of data from 72 organisations in 14 countries. With characteristic bluntness, Eugene Kaspersky has now responded by claiming that the report was guilty of scaremongering and disseminating deliberately distorted information.
The head of the Russian anti-virus vendor believes that the malware is "a lame piece of homebrew code that could have been written by a beginner." He assesses the market value of the malware as at most a few hundred dollars and notes that much more sophisticated malware is available on the black market for $2,000 to $3,000. According to Kaspersky, malware such as Stuxnet or TDL represents a far greater threat to governments, companies and other organisations. Kaspersky justifies the tone of his accusations by opining that McAfee's analysts could not possibly maintain that they were unaware of all this.
Indeed McAfee's description of Shady Rat does not detail any great level of sophistication. By contrast, the TDL rootkit in particular is constantly unveiling novel techniques which astonish even hardened malware analysts. TDL4 (the most recent version), for example, inserts its own encrypted file system into the Windows kernel to hide itself from prying eyes.
On the other hand, the wide distribution of TDL4 detailed by Kaspersky is not a good measure of the threat posed by malware used for stealing data from companies and governments. The criticism that the means of distribution – by email – is old hat (modern botnets generally utilise drive-by downloads from web sites) merely illustrates that Kaspersky's argument confuses different attack scenarios.