Malware researchers are making regular headlines for their companies by detailing new, sophisticated, multi-pronged attacks and espionage toolkits. It's news for most of us, but not for McAfee, according to its engineering chief.
Anti-virus companies discover new malware through their extensive threat-intelligence networks, among other sources.
Those networks are compiled in part from data feeds pouring in from customer deployments and honeypots set up around the world.
But McAfee has what it says is a unique source: DeepSafe, the somewhat mystical anti-rootkit technology born of Intel's $7.6 billion acquisition of McAfee.
Little about the nuts and bolts of the product is known, save for some glossy PDF documents and slideshow presentations.
Those in the know include McAfee’s legion of 200 engineers dedicated full-time to building the core functions of the product and its rootkit knowledge base.
They also include Fortune blue-chip enterprises, critical infrastructure operators and security-conscious government agencies that are trialling DeepSafe, including, SC understands, at least one Australian Government agency.
“A lot of the recent attacks are rootkit-centric; they are targeted,” McAfee advanced technology chief Michael Fey said during a trip down under to talk with customers this week.
“The disadvantage of having top-tier corporate customers is that we see attacks reported by competitors that we already know about.”
Simply put, the success McAfee claims for DeepSafe has acted as a publicity gag: it sees attacks it cannot publicise, leaving competitors to claim the headlines.
Fey wouldn't be drawn on identifying specific rootkit-based attacks it has seen against DeepSafe customers, but he hinted that the trials had detected malware reported in recent headlines as sophisticated and highly targeted.
Its trial customers are scared of rootkits, and rightly so, according to the engineering chief.
For Fey, the crimeware underground is becoming highly competitive: “The desire to access machines is pushing people to develop and deploy better rootkits.”
DeepSafe was first deployed across McAfee’s corporate network. It’s running on Fey’s Dell Ultrabook.
That's where much of the engineering heavy lifting was done. The 200-strong Hardware Assisted Technology engineering team – Fey claims it is as big as the total engineering headcount of some of McAfee's chief competitors – had to work out how to make a product that operates outside and below the operating system run smoothly. Sitting beneath the OS is the point of the design: a kernel-level rootkit that hides from software running inside the operating system cannot hide from a layer underneath it, but that layer also cannot rely on the operating system's own services.
“It’s something outside the OS, where things like pulling down updates isn’t easy. This core work is a sizeable effort.”
It was also something that was not possible without bankrolling from Intel. “To put it bluntly, as a publicly traded entity, we couldn't afford to pull it off,” Fey said.