# McAfee Warns of Massive 5-Year Hacking Plot



## klawrence (Aug 3, 2011)

By John P. Mello Jr., PCWorld    Aug 3, 2011 9:24 AM 

Every company in every conceivable industry is compromised by hackers - or will be shortly - according to a report from McAfee, a major maker of cybersecurity software.

"I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact," Dmitri Alperovitch, McAfee's vice president of threat research, wrote in the report, "Revealed: Operation Shady RAT."

"In fact," he added, "I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised and those that don't yet know."

In the report, McAfee revealed that more than 70 organizations around the world -- including the United Nations, several national Olympic committees, 13 defense contractors and governments in the United States, South Korea, Taiwan, Vietnam and India -- had been compromised in an operation the company is calling "Shady RAT."

According to McAfee, its analysis of Shady RAT is "the most comprehensive analysis ever revealed of victim profiles from a five-year targeted operation by one specific actor."

"This is not a new attack, and the vast majority of the victims have long since remediated these specific infections (although whether most realized the seriousness of the intrusion or simply cleaned up the infected machine without further analysis into the data loss is an open question)," it added.

The Shady RAT data thefts are just a small part of a larger picture, the report noted. "What is happening to all this data ... is still largely an open question," it acknowledged.

McAfee gathered the information for its report by cracking into a command and control server used by the hackers and accessing logs on the machine that detailed the bandits' activity.

In its report, the company contended that Shady RAT had the fingerprints of a nation state on it. The "interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks," McAfee reported.

The report noted that the shortest time an organization was compromised was less than a month, a distinction held by nine of the targeted entities. But Alperovitch cautioned "that this may not necessarily be an indication of the rapid reaction of information security teams in those organizations, but perhaps merely evidence that the actor was interested only in a quick smash and grab operation."


----------



## cheesy999 (Aug 3, 2011)

I take it this is to sell one of the only anti-virus that is completely useless at catching anything


----------



## Bo$$ (Aug 3, 2011)

Yep. They are better off with no protection


----------



## micropage7 (Aug 3, 2011)

It's like intelligent report
I dunno what's true but better preparing for the worst case scenario


----------



## ron732 (Aug 3, 2011)

Here is a McAfee white paper about Shady RAT. It is interesting but I won't be counting on McAfee to protect me.

http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf


----------



## johnspack (Aug 4, 2011)

But McAfee is the best!  Wait...  oh yeah... that was back when I was running DOS 3.3......


----------



## Sir B. Fannybottom (Aug 4, 2011)

Yeah, McAfee is shit. When I was buying my laptop the guy working there kept trying to sell me a stupid McAfee 1 year protection for only $20! I kept telling him no. This went on for about 20 mins. The best thing I would say is Microsoft Security Essentials, or Avast. More MSE because it's free


----------



## johnspack (Aug 4, 2011)

Yep,  tests are everywhere to show you.  I even thought Comodo was good...
http://www.av-test.org/certifications
We all learn.


----------



## twilyth (Aug 4, 2011)

johnspack said:


> Yep,  tests are everywhere to show you.  I even thought Comodo was good...
> http://www.av-test.org/certifications
> We all learn.



Great site - thanks.


----------



## Sir B. Fannybottom (Aug 4, 2011)

O_O Wow, I think I'm switching to F secure. Isn't that a drive formatting program? I think I have that on an old disc.


----------



## Solaris17 (Aug 4, 2011)

So has anyone yet questioned where McAfee got the authority to just hack into someone's mainframe? Or did I miss something?


----------



## Sir B. Fannybottom (Aug 4, 2011)

Craig's list, you can find anything on there.


----------



## Peter1986C (Aug 4, 2011)

johnspack said:


> Yep,  tests are everywhere to show you.  I even thought Comodo was good...
> http://www.av-test.org/certifications
> We all learn.



This single page does not say much, nothing about their methodology, what exact criteria there were for the grades, what version of the programs (important, as such tests are always giving a view on the protection at that particular moment) and maybe I am forgetting some other important aspects in this list.

BTW, AV comparatives actually found a lower detection rate for MSE than for Panda, McAfee, Norton etc. (though the difference is quite negligible IMHO) in their on demand tests of last February: http://av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf
And the proactive protection (against unknown malware) sucks with all/most AV programs: http://av-comparatives.org/images/stories/test/ondret/avc_retro_may2011.pdf


----------



## johnspack (Aug 4, 2011)

Read any of this stuff?:
http://www.av-test.org/publications


----------



## johnspack (Aug 4, 2011)

If you don't like those,  google is your friend!  http://www.google.ca/search?q=antiv...org.mozilla:en-US:unofficial&client=firefox-a


----------



## twilyth (Aug 4, 2011)

Solaris17 said:


> So has anyone yet questioned where McAfee got the authority to just hack into someone's mainframe? Or did I miss something?


Yeah, they just sorta glossed over that part. 



Chevalr1c said:


> BTW, AV comparatives actually found a lower detection rate for MSE than for Panda, McAfee, Norton etc. (though the difference is quite negligible IMHO) in their on demand tests of last February: http://av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf
> And the proactive protection (against unknown malware) sucks with all/most AV programs: http://av-comparatives.org/images/stories/test/ondret/avc_retro_may2011.pdf


I think a lot probably relates to how they weight things.  While absolute detection rates might be objective, giving an overall score is at least partly subjective.

But I have to admit I was surprised by the low ratings AV Test gave Avira.  One of their strongest points has always been 0-day detection and from the AVC tests it was only bested by ESET and G-data - but both of those had higher false alarm rates.


----------



## Kreij (Aug 4, 2011)

Did anyone do any research on the web as to what this is about? Anyone?
It has nothing to do with McAfee products or any other AV company's products.
Many of the world governments utilize the data that the AV companies collect based upon the digital remains of malware infestations (in this case phishing malware which no AV software will stop if the user allows the installation).

Yes, these companies employ people who know how to hack into computers. How else would they be able to try to mitigate that potential threat? The governments know this too and utilize all of the AV makers' resources to find out just WTF is going on.

Cyber-warfare is not script kiddies trying to get 1337 status. It is not about compromising just military installations and the like. Most "state-level" hacking is all about economics and the ability to manipulate world markets.  Please inform yourselves before you make offhand comments like "McAfee sucks".


----------



## Peter1986C (Aug 4, 2011)

johnspack said:


> Read any of this stuff?:
> http://www.av-test.org/publications



The link in post #14 leads to a page with a list of magazines they contribute to. I regard that as non-information myself.

I checked a few of the reports on that site and there is indeed a brief description on the "how", but still it is too much a case of "giving some numbers". What I could not find for example is how many test samples they used.



twilyth said:


> But I have to admit I was surprised by the low ratings AV Test gave Avira. One of their strongest points has always been 0-day detection and from the AVC tests it was only bested by ESET and G-data - but both of those had higher false alarm rates.



My impression is that the higher the detection rates are, the higher the risks involved that one is getting lots of false positives (the bad side of fanaticism)

@Kreij: Thanks for the remark, I dislike it too how the folks here started to piss about the workings of McAfee/AV software in general which is not related (_however_, I decided to react to it the way I did because some "sidenotes" I wanted to give).


----------



## Kreij (Aug 4, 2011)

Chevalr1c said:


> @Kreij: Thanks for the remark



Hey ... I'm just yer crazy old Uncle Kreij trying to get you to look beyond what you're spoon fed by the most vocal media outlets. But that is neither here nor there.

Carry on.


----------



## twilyth (Aug 4, 2011)

Chevalr1c said:


> My impression is that the higher the detection rates are, the higher the risks involved that one is getting lots of false positives (the bad side of fanaticism)



Well, not exactly.  They go on to quantify the level of false alarms and when they do that, Avira and Kaspersky come out on top.  It's quite a good and detailed discussion.

I should also point out that Avira has a lot of customizable settings that are not default out of the box - like heuristics level.  Avira made some specific requests regarding configuration prior to the test.  That might be another reason for the low rating from AVtest - they might be judging it only on default settings.


----------



## Peter1986C (Aug 4, 2011)

twilyth said:


> I should also point out that Avira has a lot of customizable settings that are not default out of the box - like heuristics level. Avira made some specific requests regarding configuration prior to the test. That might be another reason for the low rating from AVtest - they might be judging it only on default settings.



Because most people may think they are "done" once installed. So that (testing with default settings) is only a good thing.


----------



## Solaris17 (Aug 4, 2011)

Chevalr1c said:


> Because most people may think they are "done" once installed. So that (testing with default settings) is only a good thing



I agree with this. I customize everything. However, for those not in the know and probably the type of people getting attacked, better settings out of the box may be a better idea.


----------



## twilyth (Aug 4, 2011)

That's true for most people, but we're not all most people - especially here on TPU.   Personally, I'd rather get the full picture.  Plus I don't really believe that Avira is that bad out of the box, but that's at least partly personal bias.


----------



## Solaris17 (Aug 4, 2011)

twilyth said:


> That's true for most people, but we're not all most people - especially here on TPU.   Personally, I'd rather get the full picture.  Plus I don't really believe that Avira is that bad out of the box, but that's at least partly personal bias.



Me as well, I never agreed with the list, only that settings out of the box should be modded (like heuristics on high). I personally use avast IS and I don't think it does that bad whatsoever.


----------



## remixedcat (Aug 4, 2011)

Sophos was iffy in one of those tests. Symantec did better. Wow. I'd had McAfee let several bad things through a handful of years ago that Symantec got and killed. I used SEP and it also had much lower memory usage than McAfee's A/V. MAF would thrash all the time got very tired of it. It's worthless. Sophos is excellent. I've used Avast and it was great too.

A/V clients I've used in order of protection rank:

Moon secure
McAfee
clam av
avast and symantec tied
sophos

longest duration used

symantec and avast.


----------



## Drone (Aug 4, 2011)

Hmmmmmmm yeah in year 2011 we got so many news about hacks. To be honest I don't even remember a day since early spring 2011 when there wasn't any news that something/one got hacked  and it's happening at alarming rate. Even mobile world and macs ain't no safe anymore.


----------



## Hybrid_theory (Aug 6, 2011)

Drone said:


> Hmmmmmmm yeah in year 2011 we got so many news about hacks. To be honest I don't even remember a day since early spring 2011 when there wasn't any news that something/one got hacked  and it's happening at alarming rate. Even mobile world and macs ain't no safe anymore.



Macs were never safe. Now they have a higher market share, so they're more of a target. Same with mobile phones.


----------

