2001 anti-virus review: Kaspersky Labs presents a year-end review of events in anti-virus security. (Security)

2001 saw anti-virus companies achieve many definitive successes in developing new anti-virus technology and in refining the existing defence technologies that thwart malicious programs. In spite of these achievements, the year also saw a further increase in the number of users who suffered from virus attacks.

The rapid development of information technology (IT) has its pluses and minuses. On one hand, IT increases the effectiveness and efficiency of communication, document production and financial transactions, and in general has a very positive effect on the conduct of business. On the other hand, the continuing development of IT attracts ever more new users, the majority of whom have only a superficial understanding of basic computer security rules. Because of this, even the most primitive malicious program can be enough to cause a global epidemic, as happened with the "Kournikova" virus. These factors are the main reason for the worsening conditions in anti-virus defence. Not one month passed in 2001 without the latest virus epidemic infecting computer systems in various countries. It is important to note that this is driven by virus writers actively creating new methods of penetrating computers, which further increases the number of virus incidents.

The following is a brief checklist of 2001 developments in the area of anti-virus security:

* The widespread distribution of malicious programs exploiting breaches and holes in software security;
* E-mail and the Internet solidified their positions as the most dangerous sources of malicious programs;
* The emergence of other popular channels (ICQ, Gnutella, MSN Messenger, IRC) for spreading malicious programs;
* The increase in malicious programs for Linux;
* The appearance of "fileless" network worms;
* The predominance of Windows network worms, and the sharp decrease in script and macro viruses on the list of the most widespread malicious programs.

Security System Errors

A breach is an error in a regular software program through which a malefactor is able to penetrate a computer imperceptibly with malicious code. The danger inherent in this type of virus is that it is activated automatically and virtually independently of the user. For example, to be infected by Nimda a user needs only to open a message containing the worm, or simply to view it in the preview pane. CodeRed does not even require this: it independently locates vulnerable computers via the Internet and infects them.

The main event of 2001 was the widespread distribution of malicious programs exploiting breaches and holes in the security of operating systems and applications in order to penetrate computers (examples of such viruses are CodeRed, Nimda and BadtransII). According to Kaspersky Labs statistics, this type of malicious code was responsible for 55% of all virus incidents in 2001. This percentage speaks volumes for the necessity of adhering to the basic anti-virus security rules.

The particular attention paid by the computer underground to these breaches is perfectly understandable. The traditional method of a virus penetrating a computer, in which the user personally runs an infected file, is just as effective as it ever was, but it is no longer so efficient in achieving a malefactor's aims, because the majority of users long ago realised the danger present in attached files. Many people therefore simply prefer not to open such messages, asking the sender instead to put the information in the e-mail body. Taking this into consideration, virus writers have begun searching for new, more effective means of infecting computers, and they have found them in security vulnerabilities, i.e. breaches.

To guarantee protection against such malicious programs, it is imperative to combine the use of Kaspersky Anti-Virus with the installation of the software patches that close the well-known breaches. The patches are available free of charge directly from the developers of the vulnerable software and can be found on the corresponding company's Web site. Kaspersky Labs recommends paying particular attention to the patches for MS Windows, MS Outlook and MS Internet Explorer, as these are the products most susceptible to virus attacks via the above-mentioned breaches. To receive timely announcements of available patches, a user should subscribe to the mailing list of the appropriate software developer.

E-mail and the Internet: The Main Virus-Threat Sources

In 2001, according to Kaspersky Lab data, the share of virus attacks arriving via e-mail rose by 5% compared to 2000, reaching 90% of all virus-related incidents. Alongside this, there has been a noticeable increase in the number of computers infected via the Internet. Whereas previously most infections were a direct result of a user downloading an unscanned file from a Web site and running it, today more and more infections occur during an intended or accidental visit to an infected site. This happens when a malicious program overwrites one of the victim site's pages, so that a user browsing that page can be infected in two ways. The first is when the malefactor exploits a breach in the Web browser's security, most often in Internet Explorer; such breaches allow a computer to be infected imperceptibly the moment the compromised page is viewed. The second is when the user accepts a download proposed by the page and that download contains malicious code.

In 2001 it also became clear that many of the Internet messaging systems popular among users (ICQ, AOL Instant Messenger) have inherent vulnerabilities, and these were used to spread a whole string of malicious programs. For example, the Gnutella file-exchange network fell victim to the network worm Mandragore, and a very large number of worms have been written to spread via IRC. The current trend suggests that e-mail and the Internet will soon become the dominant means of virus spreading. We must once again emphasise the importance of installing a reliable anti-virus defence to thwart virus attacks via these sources.
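The preview-pane infection described under Security System Errors, and the 90% e-mail share reported above, both come down to a mail client trusting what a MIME header says a part is. The detector below is an added example written for this review, not code from Kaspersky Labs or from the original article. It flags an attachment whose declared media type contradicts its filename or its contents (an executable labelled as audio, the layout Nimda used to get itself rendered and run). The message it scans is constructed for the demo, the extension list is an assumption, and this is a gateway-side check that complements, rather than replaces, the patches the text recommends.

```python
"""Flag e-mail attachments whose declared MIME type contradicts what they are.

Added example (not part of the Kaspersky review). The Nimda-style trick it
targets: an executable shipped in a MIME part labelled as harmless media, so
that a vulnerable mail client renders (and runs) it in the preview pane.
The sample messages below are constructed for this demo; they are not the worm.
"""
import base64
import email
from email import policy

# Extensions Windows will execute when the file is opened. Assumption: a
# practical list, not an exhaustive one.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".vbs", ".js", ".lnk"}

# Top-level media types a mail client may render inline without asking.
PASSIVE_TOP_LEVEL = {"audio", "image", "video", "text"}


def _extension(filename: str) -> str:
    name = filename.lower().strip()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def suspicious_attachments(raw_message: bytes) -> list:
    """Return one reason string per MIME part that looks like a disguised executable.

    Two independent checks, neither of which needs a signature of the worm:
    1. executable filename extension inside a "passive" media type;
    2. payload carrying a PE ("MZ") header while not declared application/*.
    An honest application/octet-stream readme.exe is deliberately not flagged.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        ctype = part.get_content_type()           # e.g. "audio/x-wav"
        top = part.get_content_maintype()         # e.g. "audio"
        # get_filename() reads Content-Disposition, then the Content-Type name=.
        filename = part.get_filename() or part.get_param("name") or ""
        ext = _extension(filename)
        payload = part.get_payload(decode=True) or b""   # base64 decoded here

        if ext in EXECUTABLE_EXTENSIONS and top in PASSIVE_TOP_LEVEL:
            findings.append(f"part {index}: {filename!r} declared {ctype} "
                            f"but has executable extension {ext}")
        if payload[:2] == b"MZ" and top != "application":
            findings.append(f"part {index}: {filename!r} declared {ctype} "
                            f"but payload starts with a PE (MZ) header")
    return findings


def _message(attachment_headers: str, payload: bytes) -> bytes:
    """Build a constructed two-part message around one attachment."""
    body = base64.b64encode(payload).decode()
    return (
        "From: alice@example.test\r\n"
        "To: bob@example.test\r\n"
        "Subject: readme\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="====_demo_===="\r\n'
        "\r\n"
        "--====_demo_====\r\n"
        "Content-Type: text/html; charset=us-ascii\r\n"
        "\r\n"
        "<html><body>see attachment</body></html>\r\n"
        "--====_demo_====\r\n"
        f"{attachment_headers}\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        "\r\n"
        f"{body}\r\n"
        "--====_demo_====--\r\n"
    ).encode()


# Constructed: an "audio" part named readme.exe whose payload is a 64-byte stub
# with an MZ header (not a real program).
SAMPLE_MESSAGE = _message('Content-Type: audio/x-wav; name="readme.exe"',
                          b"MZ" + b"\x00" * 62)
# Constructed: a genuine-looking WAV attachment for comparison.
CLEAN_MESSAGE = _message('Content-Type: audio/x-wav; name="tune.wav"',
                         b"RIFF" + b"\x00" * 60)

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, suspicious_attachments(raw) or "no findings")
```

Both checks fire on the constructed sample (extension and MZ header), and neither fires on the clean WAV. The second check matters even when the filename looks harmless, since the worm is free to choose any name it likes; what it cannot change is the first bytes of the executable.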
Attacks on Linux Continue

2001 also saw the appearance of even more malicious programs targeting the Linux operating system. The first sign of this was the Ramen network worm, detected on January 19, which has since struck a large number of corporate systems. Among those falling victim to Ramen were NASA, Texas A&M University and the computer-equipment producer Supermicro. Following this, infection took on a flash-flood character: Ramen clones appeared alongside other original Linux worms, causing a comparable number of virus incidents. Virtually all malicious programs for Linux exploit breaches in the operating system, and the widespread nature of these worms demonstrates that Linux is not immune to current threats. Believing Linux to be impenetrable, users have not responded responsibly to the need to install Linux patches, or an anti-virus at all; as a result, many have fallen victim to Linux worms. The situation would be even graver were Linux not used mainly on specialised servers but also as a workstation platform: the number of Linux users would increase many times over, attracting the interest of an ever increasing number of virus writers creating malicious code for Linux.

"Fileless" Worms: The Next Call to Arms for the Anti-Virus Industry

One of 2001's most unpleasant surprises was the detection of a new type of malicious code (CodeRed and BlueCode) able to spread actively and function on an infected computer without using a file. While running, such programs exist only in system memory, and when transferring to other computers they travel as specially crafted data packets. This peculiarity created serious problems for anti-virus developers, because traditional technology (anti-virus scanners and monitors) cannot effectively withstand such a threat: the standard defence algorithms against malicious code are based on intercepting file operations, and a program that never touches a file never triggers them. The global epidemic caused by CodeRed (which by some estimates infected over 300,000 computers) confirmed the effectiveness of the fileless technique. It is important to note that even now most computers have inadequate defences against this type of malicious code. Taking this into consideration, Kaspersky Labs believes next year will see a repeat epidemic caused by new versions of fileless worms.

Windows Worms Make Their Entrance

In 2001 there was a sharp change in the make-up of the most widespread malicious programs. From 1999 to 2000, the unquestioned leaders among all viruses were macro viruses and, a little later, script-virus worms. At the beginning of this year, however, the situation began to change drastically, and already nearly 90% of registered cases of computer infection have been caused by Windows worms. The reason behind such an about-face lies in the development of effective means of battling macro and script viruses: an anti-virus can now neutralise both existing and potential threats of this type. For example, Script Checker, the first background checker in the world to intercept script viruses, was integrated into Kaspersky Anti-Virus in May 2000. Script Checker repelled all attacks by the various forms of the LoveLetter (ILOVEYOU) virus without any additional updates to the anti-virus database. This result was due to heuristic technology created specifically for defending against unknown script viruses. For the fight against macro viruses, Kaspersky Labs developed Office Guard, which the company states provides 100% protection against this type of virus. Unlike traditional anti-viruses, Office Guard does not search for virus signatures but emulates and analyses macro behaviour, blocking any harm a macro could cause to the computer.

Government Control Over the Anti-Virus Industry?

In November it became known that the FBI had developed a Trojan program for tracking suspects. This "classic" Trojan, christened Magic Lantern, intercepts all keystrokes a suspect makes and copies them to a hidden file. The captured keystrokes, such as the passphrase protecting an encryption key, can later be used to decrypt e-mail the suspect has sent and provide evidence against the suspect.
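Returning to the fileless worms section above: CodeRed never writes a file on the victim, which is why file-interception defences miss it, but its propagation is still one oversized HTTP request per target, and that request is recorded in the access log of every web server it reaches, whether or not the server was vulnerable. The script below is an added example, not code from the Kaspersky review or from Kaspersky Labs. It parses constructed Apache-style log lines (the log format, the filler length threshold and all addresses are assumptions) and reports the hosts sending .ida probes, distinguishing the original worm's run of N characters from the X run used by CodeRed II.

```python
"""Spot CodeRed-style probes in a web server access log.

Added example (not from the Kaspersky review). A fileless worm leaves nothing
on the victim's disk, but it must still send its exploit over the network.
CodeRed propagated by sending one oversized GET for /default.ida (the IIS
Index Server ISAPI extension) to every host it found; that request shows up in
the access log of every web server it touched. The log lines here are
constructed for the demo.
"""
import re
from collections import Counter
from typing import Optional

# Apache/NCSA common log format: host ident user [time] "request" status bytes.
# Assumption: the log is in this format; adapt the pattern for IIS W3C logs.
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)(?: (?P<proto>\S+))?" (?P<status>\d{3}) (?P<size>\S+)'
)

# The probe: a request for the .ida extension whose query string is a long run
# of one filler byte ('N' in the original CodeRed, 'X' in CodeRed II) followed
# by %u-encoded machine code. The threshold of 100 repeats is an assumption;
# the real requests carried a run of several hundred.
CODERED_URI = re.compile(r'^/default\.ida\?(?P<fill>N{100,}|X{100,})%u[0-9a-fA-F]{4}')


def classify_request(uri: str) -> Optional[str]:
    """Name the worm variant a request URI belongs to, or None if it is not a probe."""
    m = CODERED_URI.match(uri)
    if not m:
        return None
    return "CodeRed II (X filler)" if m.group("fill")[0] == "X" else "CodeRed (N filler)"


def scan_access_log(lines):
    """Return [(source_host, variant, status)] for every CodeRed-style probe.

    The status code is kept because it tells the responder what happened on
    this server: a non-IIS server answers 404 and was merely scanned, while a
    200 from an unpatched IIS host means the overflow may have succeeded.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip unparseable lines rather than guess at them
        variant = classify_request(m.group("uri"))
        if variant:
            hits.append((m.group("host"), variant, int(m.group("status"))))
    return hits


def hosts_by_probe_count(hits):
    """Count probes per source host; repeated senders are the infected machines."""
    return Counter(host for host, _, _ in hits)


# Constructed probes: 224 filler bytes then a few %u-encoded words, cut short.
PROBE_N = "/default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801%u9090%u6858=a"
PROBE_X = "/default.ida?" + "X" * 224 + "%u9090%u6858%ucbd3%u7801=a"

# Constructed access log (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    f'198.51.100.7 - - [19/Jul/2001:10:02:11 +0000] "GET {PROBE_N} HTTP/1.0" 404 289',
    '203.0.113.5 - - [19/Jul/2001:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 1043',
    f'198.51.100.7 - - [19/Jul/2001:10:03:40 +0000] "GET {PROBE_N} HTTP/1.0" 404 289',
    f'192.0.2.44 - - [04/Aug/2001:22:17:03 +0000] "GET {PROBE_X} HTTP/1.0" 200 0',
    '203.0.113.5 - - [04/Aug/2001:22:18:00 +0000] "GET /default.ida?N=1 HTTP/1.0" 404 289',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for host, variant, status in found:
        print(f"{host:15} {variant:22} status={status}")
    print("probes per host:", dict(hosts_by_probe_count(found)))
```

On the constructed log this reports two N-filler probes from 198.51.100.7 (answered 404, so this server was only scanned) and one X-filler probe from 192.0.2.44 answered with 200, the case worth following up on an IIS host. The short `/default.ida?N=1` request is deliberately not matched: the detector keys on the exploit's shape (long filler plus %u-encoded payload), not on the path alone.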
On December 3, Paul Bresson, spokesman for the FBI, confirmed the development of the Magic Lantern Trojan in an interview with the magazine Information Security. However, at the behest of the US government (or at least its strong "suggestion"), will anti-virus developers leave detection of such a Trojan out of their software? McAfee and Symantec have already confirmed that they will not include detection for Magic Lantern. Is this the beginning of a user exodus to other anti-virus products? Such a move by the US government could set a precedent: other governments could make similar demands of other anti-virus companies not to detect their own spying Trojans. In that case, anti-virus security could get completely out of control. And sooner or later, as always happens, the original Magic Lantern could fall into the hands of malefactors who would use it for their own ends. As a result, the world economy, heavily dependent on IT, could be paralysed by a worldwide virus epidemic.

The Future Security of the Worldwide Net

The worsening virus situation gives rise to pessimistic predictions for the development of the Internet. According to the England-based company MessageLabs, should the present trend continue, by 2013 every second e-mail could contain malicious code. One opinion holds that the way out of this bind is to create a safe, parallel Internet. That solution could be complicated by the unwillingness of most users to switch to a new Net, and by the possibility of malicious code migrating from the current Internet.

According to Kaspersky Labs, the best solution is to introduce new equipment and software into the current Internet step by step, using only checked and certified information and data. Along with this, the most important step would be issuing a personal identification number to every user on the Net. This would help track and stave off virus epidemics, and also help locate the creators of malicious programs and stop their activities.

Conclusion

Current trends allow the situation in virus development to be predicted for 2002. Unfortunately, there is no basis for absolute optimism. Kaspersky Labs believes there will be an increase in the number and variety of virus epidemics in the coming year. First and foremost this depends on the number of users, some of whom will be virus writers and the others their victims. The number and variety of malicious programs will also grow, and their methods of penetrating computers will undoubtedly be improved.

www.kaspersky.com