Classification

The need to classify detected objects arose with the advent of the first antivirus program. Although viruses were few and far between at that time, they still had to be distinguished from one another.

The pioneers of the antivirus industry used simple classification methods, comprising a unique name and the size of the detected file. However, a single virus could end up being called different names by different antivirus solutions, which led to confusion.

The first attempts to regulate the classification process were made in the early 1990s by the CARO (Computer AntiVirus Researcher’s Organization) alliance of antivirus specialists. The alliance created the CARO malware naming scheme, which served for a time as the industry standard.

The growing sophistication of malicious programs, together with the advent of new platforms and the arrival of more antivirus vendors, means the scheme has all but fallen out of use (see the research paper ‘Current Status of the CARO Malware Naming Scheme’ by Vesselin Bontchev). But the main reason it fell out of favor was that the variety of detection technologies used by each vendor made it impossible to unify scanning results.

Attempts are occasionally made to come up with a new universal classification system for the objects detected by antivirus programs, but most are unsuccessful. The latest major project of this kind was the creation of Common Malware Enumeration (CME), an organization that provides single, common identifiers to new malware threats.

The classification system used by Kaspersky Lab is one of the most widespread in the industry and is used as the basis for classifications by a number of other antivirus vendors. Classification by Kaspersky Lab currently includes the whole range of malicious or potentially unwanted objects detected by Kaspersky Anti-Virus and differentiates objects according to their activity on users’ computers.