The need to classify detected objects arose with the advent of the first antivirus program. Despite the fact that viruses were few and far between at that time, they still needed to be distinguished from each other.
The pioneers of the antivirus industry used simple classification methods, comprising a unique name and the size of the detected file. However, a single virus could end up being called different names by different antivirus solutions, which led to confusion.
The first attempts to regulate the classification process were taken in the early 1990s by the CARO (Computer AntiVirus Researcher’s Organization) alliance of antivirus specialists. The alliance created the CARO malware naming scheme, which was used for a while as the industry standard.
Increasingly sophisticated malicious programs as well as the advent of new platforms and more antivirus vendors mean the scheme has virtually stopped being used (see the research paper ‘Current Status of the CARO Malware Naming Scheme’ by Vesselin Bontchev). But the main reason it fell out of favor was because the variety of detection technologies used by each vendor made it impossible to unify scanning results.
Attempts are occasionally made to come up with a new universal classification system for the objects detected by antivirus programs, but most are unsuccessful. The latest major project of this kind was the creation of Common Malware Enumeration (CME), an organization that provides single, common identifiers to new malware threats.
The classification system used by Kaspersky Lab is one of the most widespread in the industry and is used as the basis for classifications by a number of other antivirus vendors. Classification by Kaspersky Lab currently includes the whole range of malicious or potentially unwanted objects detected by Kaspersky Anti-Virus and differentiates objects according to their activity on users’ computers.
In Q1 2018, we observed a significant increase in both the total number and duration of DDoS attacks against Q4 2017. The new Linux-based botnets Darkai (a Mirai clone) and AESDDoS are largely responsible for this hike. Read Full Article
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, we decided to call it ‘Roaming Mantis’. Read Full Article
Q4 2017 represented something of a lull: both the number and duration of DDoS attacks were down against the previous quarter. At the same time, the increase in the number of attacks on honeypot traps in the runup to holiday sales indicates that cybercriminals are keen to expand their botnets at the most opportune moment by pressuring owners of online resources and preventing them from making a profit. Read Full Article
According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world. Read Full Article
Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article
In the third quarter of 2017, we registered a considerable increase in the number of both DDoS attacks and their targets. Traditionally, China is the country with the largest number of attack sources and targets. It was followed by the United States and South Korea. The popularity of Windows OS as a basis for creating a botnet has fallen noticeably, while the share of Linux-based botnets increased proportionally. Read Full Article
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. Read Full Article
The threat from ransomware continues to grow. Between April 2016 and March 2017, we blocked ransomware on the computers of 2,581,026 Kaspersky Lab customers. In May, we saw the biggest ransomware epidemic in history, called WannaCry. Read Full Article
According to KSN data, Kaspersky Lab solutions detected and repelled 342, 566, 061 malicious attacks from online resources located in 191 countries all over the world. Read Full Article
The second quarter quite clearly showed that the DDoS-attack threat is perceived rather seriously. Some companies were prepared to pay cybercriminals literally after their first demand without waiting for the attack itself. This set off a whole new wave of fraud involving money extortion under threat of a DDoS attack, also known as “ransom DDoS”. Read Full Article