Computerworld - U.S. and Russian antivirus vendors took shots at each other as they quarreled over a recent report of a cyber campaign that allegedly infiltrated scores of Western governments, organizations and corporations.
The report, released earlier this month by McAfee, claimed that a half-decade-long hacker operation compromised more than 70 U.S. and foreign government agencies, defense contractors and international organizations to plant malware that in some cases hid on networks for years.
McAfee's report was picked up by numerous news outlets, and even caught the eye of Congress. On Aug. 10, Rep. Mary Bono Mack (R-Calif.), the chairman of the House subcommittee on commerce, manufacturing and trade, sent a letter (download PDF) to McAfee asking for more information on the intrusions.
McAfee dubbed the campaign "Shady RAT" and said it was an example of an "advanced persistent threat," or APT, a term that's been used widely by mainstream security companies, and in news reports, since Google claimed that Chinese hackers had breached its network.
Last Thursday, the CEO of Moscow-based Kaspersky Labs took exception to McAfee's conclusions, especially that the attacks were sophisticated enough to justify the "advanced" part of the APT label.
"We consider those conclusions to be largely unfounded and not a good measure of the real threat level," said Eugene Kaspersky, CEO and co-founder of the company that bears his name.
"We found no novel techniques or patterns used in this malware," Kaspersky continued in an entry titled "Shady RAT: Shoddy RAT" on his personal blog. "What we did find were striking shortcomings that reveal the authors' low level of programming skill and lack of basic web security knowledge."
This wasn't the first time Kaspersky's company criticized its rival. Three weeks ago, Kaspersky and other security firms questioned McAfee's claims.
Kaspersky also claimed that the Shady RAT attacks originated from a long-known botnet, and cited McAfee for "crying wolf."
"But [we] decided not to ring any alarm bells due to its very low proliferation.... It has never been on the list of the most widespread threats," said Kaspersky. "For years now, the industry has adopted the simple and helpful rule of not crying wolf."
That implied accusation got a reaction out of McAfee.
"He's missing the point," countered Phyllis Schneck, McAfee's vice president and CTO for the antivirus company's global public sector group, in a Friday blog post of her own. "It's not the sophistication of the attack that's important, and this is a clear case where technical arguments are preventing some people from seeing the larger, more important picture."
Schneck argued that Shady RAT was newsworthy because of the number of targeted agencies, organizations and companies, as well as the attack's duration and the amount of data allegedly taken. "Quiet, insidious, market-changing threats like these hide in the noise of botnets, 'hacks,' and other high-profile or nuisance events," Schneck said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
