The need to classify detected objects arose with the advent of the first antivirus program. Despite the fact that viruses were few and far between at that time, they still needed to be distinguished from each other.

The pioneers of the antivirus industry used simple classification methods, comprising a unique name and the size of the detected file. However, a single virus could end up being called different names by different antivirus solutions, which led to confusion.

The first attempts to regulate the classification process were made in the early 1990s by the CARO (Computer AntiVirus Researcher’s Organization) alliance of antivirus specialists. The alliance created the CARO malware naming scheme, which was used for a while as the industry standard.

Increasingly sophisticated malicious programs, as well as the advent of new platforms and more antivirus vendors, mean the scheme has virtually stopped being used (see the research paper ‘Current Status of the CARO Malware Naming Scheme’ by Vesselin Bontchev). But the main reason it fell out of favor was that the variety of detection technologies used by each vendor made it impossible to unify scanning results.

Attempts are occasionally made to come up with a new universal classification system for the objects detected by antivirus programs, but most are unsuccessful. The latest major project of this kind was the creation of Common Malware Enumeration (CME), an organization that provides single, common identifiers to new malware threats.

The classification system used by Kaspersky Lab is one of the most widespread in the industry and is used as the basis for classifications by a number of other antivirus vendors. Classification by Kaspersky Lab currently includes the whole range of malicious or potentially unwanted objects detected by Kaspersky Anti-Virus and differentiates objects according to their activity on users’ computers.


Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, and we decided to call it ‘Roaming Mantis’.


DDoS attacks in Q4 2017

Q4 2017 represented something of a lull: both the number and duration of DDoS attacks were down against the previous quarter. At the same time, the increase in the number of attacks on honeypot traps in the run-up to holiday sales indicates that cybercriminals are keen to expand their botnets at the most opportune moment by pressuring owners of online resources and preventing them from making a profit.


IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’.


DDoS attacks in Q3 2017

In the third quarter of 2017, we registered a considerable increase in the number of both DDoS attacks and their targets. Traditionally, China is the country with the largest number of attack sources and targets. It was followed by the United States and South Korea. The popularity of Windows OS as a basis for creating a botnet has fallen noticeably, while the share of Linux-based botnets increased proportionally.