Avast!’s GMER technology gets top score in rootkit detection tests

GMER version 1.0.15 wins comparative test of 12 anti-rootkit programs by Anti-Malware Test Lab

(May 5, 2010, PRAGUE) ALWIL Software, developer of the award-winning avast! Antivirus program, has announced that its built-in GMER technology has earned recognition from Anti-Malware Test Lab, a respected independent security testing organization, as the highest ranked solution for the detection and removal of rootkits. A rootkit is a type of malware that hides itself within a computer’s operating system.

Anti-Malware Test Lab graded the ability of 12 programs to identify and eliminate a selection of rootkits from a computer running on a fully updated XP Professional operating system. The Lab tested GMER 1.0.15, a stand-alone version of the GMER technology which is a standard part of avast! Antivirus software.

“GMER is fully integrated and optimized within avast!,” said Przemyslaw Gmerek, founder, GMER. “Our software detects rootkits by behavior, before they can actually load, which makes it very effective for dealing with known and unknown types.”

avast! has used GMER in its antivirus program since 2007. “We especially like GMER’s emphasis on scanning all levels of the operating system to catch rootkits,” said Ondrej Vlcek, chief technology officer, ALWIL Software, the maker of avast! Antivirus. “This test looked at the program’s ability to detect and remove rootkits, and the results speak for themselves.”

The full report is at: http://www.anti-malware-test.com/

The Rootkit Threat

Rootkits' share of all Windows-targeted malware increased from 0.7 to 5.3 percent during 1Q2010, according to samples submitted by the avast! Community to the Virus Lab. The sharp jump was due to the new ‘Banker’ rootkit, according to avast! specialists. The Virus Lab received approximately 250 million samples of Windows malware each month from Community members during 1Q.

“Banker is part of a bigger package of malware, helping other viruses find a home inside an infected computer in addition to monitoring keystrokes,” said Michal Trs, avast! Virus Specialist. The avast! Virus Lab discovered the first Banker rootkit on March 23 and a second variant by the same author on April 11.

The rise of Banker comes as the better-known Alureon rootkit has converted to a more traditional form of malware. Earlier this year, Alureon became famous for causing infected computers running on the Windows XP operating system to crash during a routine security update.

Rootkits are activated before the computer’s operating system has completely booted up and rename operating system files, which makes removal of the malware difficult. Rootkits are often used to install hidden files which are then used to intercept and redirect private data from the computer to the rootkit creator.

“The technology behind them is much more sophisticated than in the average bit of malware,” said Przemyslaw Gmerek. “First, they hide in the operating system, allowing them to stay active and undetected for a long period. This increases the potential damage exponentially. Second, there is often a financial objective to the infection, with rootkits often targeting banking and password data on computers.”

The biggest risk is to people running 32-bit operating systems such as Windows XP. “We find that most of our behavior-based rootkit detections are on 32 bit systems,” explained Mr. Trs. “With a 64 bit operating system, users are safer as this does not allow drivers to be loaded without a certificate, significantly reducing the chances of rootkit infection.”

To keep their computers secure from rootkits, consumers need to ensure that they have both on-demand scanning capabilities to look for infections in their computers and updated, real-time protection to keep rootkits from entering. This protection is provided by GMER as a stand-alone anti-rootkit program and as an integral component of avast! Antivirus.

Rootkits and Community – the April Report
Windows malware detections: 263,995,872
Rootkit detections: 14,121,984
Rootkits' share of Windows malware: 5.3%
Top three rootkits (percentage of the total):
  • Banker (Win32:Banker-GNG[Rtk], Win32:Banker-GOA[Rtk]): 78.3%
  • Qandr – Win32:Qandr[Rtk]: 16.81%
  • Alureon – Win32:Alureon/family[Rtk]: 1.3%

*Community is the opt-in sensor network of avast! Antivirus users.