Threat Management, Threat Intelligence, Malware, Network Security, Vulnerability Management

Kaspersky says McAfee report is all bark and no bite

The CEO of Kaspersky Lab is the latest security expert to take a shot at McAfee's recently released "Shady RAT" report which uncovered a massive cyberespionage operation that the firm said has affected scores of companies over the past five years.

In its 14-page report, McAfee detailed Operation Shady RAT, a five-year-long advanced persistent threat (APT) and cyberespionage offensive which reportedly has plundered intellectual property from some 72 companies across 14 nations. Organizations in the United States, Taiwan, South Korea, Vietnam and Canada were among the targets, according to the report. Nearly 50 of the affected entities were corporations, government agencies – particularly defense contractors – and nonprofits based in the United States.

But, in a blog post Thursday, Eugene Kaspersky said his company is not too concerned about the report, arguing that the malware referenced is not very sophisticated. He wrote that it did not use any "novel techniques or patterns" and there were "striking shortcomings that reveal the authors' low level of programming skill and lack of basic web security knowledge."

Kaspersky spent much of his blog post answering the questions posed to McAfee last week by Rep. Mary Bono Mack, R-Calif., who wanted to learn more about the report. Throughout his post, Kaspersky referred to Shady RAT as a botnet, saying that its presence was minimal and that most traditional anti-virus solutions were capable of eradicating it.

A McAfee spokeswoman told on Thursday that the company was planning a response to recent industry criticism of its report. The report's lead author, Dmitri Alperovitch, VP of threat research at McAfee, did object to Kaspersky on at least one point, according to a tweet.

Another McAfee competitor, Symantec, also has challenged the report, saying other threats, such as the pernicious Zeus data-stealing malware, pose more of a threat to organizations.

"While this attack is indeed significant, it is one of many similar attacks taking place daily," Symantec researcher Hon Lau wrote in a blog post. "Sure the people behind it are persistent, but no more so than the myriad of other malware groups out there, such as Zeus, Tidserv and others like them."

Ira Winkler, president of the Internet Security Advisors Group, said he takes issue with vendors denouncing the report.

While he said the data contained in the paper may indeed be dated and provides "no actionable intelligence for the average person," many in the industry are misguided in their aspersions.

"The problem is we have vendors more interested in working against each other than working with each other," Winkler told on Thursday. "They shouldn't be wasting their time writing a response to someone else's marketing literature. Why aren't they putting their efforts to sharing knowledge?"

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.