Woburn, MA -- (ReleaseWire) -- 01/30/2007 -- Kaspersky Lab, a leading developer of secure content management solutions, announces the release of Maintenance Pack 2 for Kaspersky Internet Security 6.0 and Kaspersky Anti-Virus 6.0, personal products that protect computers against IT threats. An essential new feature introduced in Maintenance Pack 2 is support for Windows Vista, the new Microsoft operating system.

Kaspersky Internet Security 6.0 and Kaspersky Anti-Virus 6.0 represent the latest generation of IT security products developed by Kaspersky Lab. Kaspersky Anti-Virus 6.0 protects the computer against penetration of malicious programs, while Kaspersky Internet Security 6.0 is an integrated solution that protects the PC against all types of IT threats, including malicious programs, spyware, hacker attacks, network fraud and spam. Importantly, the antivirus component of Kaspersky Internet Security 6.0 includes all the capabilities of Kaspersky Anti-Virus 6.0.

The second Maintenance Pack was developed within a short time of the release of Maintenance Pack 1 in order to offer integrated protection against all types of cyber threats available to users of Windows Vista, the new operating system that Microsoft released today, January 30. Earlier antivirus product versions are not compatible with Vista because of the operating system's new architecture. With Maintenance Pack 2, Kaspersky Internet Security 6.0 and Kaspersky Anti-Virus 6.0 will be fully compatible with both the 32-bit and the 64-bit versions of Windows Vista.

At the same time, Maintenance Pack 2 includes all the features and additions that were included in the first Maintenance pack, including full-scale support for Windows XP 64-bit Edition, extended on-demand scanning functionality, a number of improvements to the proactive defense module and protection of Windows Task Manager against injection of malicious dynamic-link libraries (dll).

Maintenance Pack 2 for these products can be downloaded on their respective Product Updates pages (version 6.0.2.614):

* Maintenance Pack 2 for Kaspersky Internet Security 6.0:
http://www.kaspersky.com/productupdates?chapter=186437046

* Maintenance Pack 2 for Kaspersky Anti-Virus 6.0
http://www.kaspersky.com/productupdates?chapter=186435857

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Kaspersky® Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Standard Edition is commercially released

Woburn, MA -- (ReleaseWire) -- 12/27/2006 -- Kaspersky Lab, a leading developer of secure content management solutions, presents a new version of its product that protects corporate networks from viruses – Kaspersky® Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Standard Edition.

Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Standard Edition provides antivirus protection for all files transferred using the HTTP and FTP protocols via Microsoft Internet Security and Acceleration Server. The product acts as a filter that intercepts packets transferred via the HTTP and FTP protocols, isolating controlled objects from this data and analyzing them for the presence of viruses. The program attempts to treat any infected objects, and blocks the object, if necessary. This prevents any further transmission of the code, completely blocking the penetration of infected HTTP and FTP objects through Microsoft ISA Server.

Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Standard Edition comprises a wide range of functions. One of the most important features of the solution is flexible configuration of virus scanning parameters. Other features include monitoring of system operation statistics and diagnostics with administrator-defined levels of detail.

System administrators can reduce server load by compiling lists of trusted servers and lists of object types to be excluded from scanning for different user groups.

The performance of the antivirus system has been greatly enhanced by using a configurable mechanism for scanning queued objects in parallel.

Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Standard Edition is managed via the convenient and simple interface for the Microsoft Management Console, which provides system administrators with full control over the product's operation.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Woburn, MA -- (ReleaseWire) -- 12/20/2006 -- Kaspersky Lab analysts conduct regular research into WiFi networks and protocols in order to gain an overall picture of WiFi security issues and to raise public awareness. This research focuses on WiFi network access points and mobile devices which support Bluetooth. Previous reports have covered Peking and Tjianjin, networks established at CeBIT 2006 (Germany) and InfoSecurity London, which included data both about networks at the exhibition and around London.

This latest report looks at Paris, and specifically at wireless networks and Bluetooth devices at InfoSecurity 2006, recently held in the city. Alexander Gostev, a senior virus analyst at Kaspersky Lab, compares the data collected about WiFi networks in London and Paris, including data collected in the business regions of the cities. The first part of the report provides an analysis of WiFi networks, including speed of data transmission, equipment manufacturers, data encryption etc.

While collecting data about WiFi networks, Kaspersky Lab analysts also collect data on Bluetooth enabled devices. Again, data from Paris was compared with the data from London, which was published on viruslist in June 2006.

The report, to be published on 20th December on viruslist.com, contains both the data collected, and a comparative analysis. The full details of the research can be found at Viruslist.com: http://www.viruslist.com/en/analysis?pubid=204791912

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Autumn 2006 was a stormy season. For the third month in a row there's not only a new leader in our rankings, but the entire Top Twenty is once again in a state of flux. However, worms from the Warezov family were the main troublemakers, just as they were last month.

Woburn, MA -- (ReleaseWire) -- 12/01/2006 -- Kaspersky Lab publishes Virus Top Twenty for November 2006

1 New Email-Worm.Win32.Warezov.gj 18.27%
2 +3 Email-Worm.Win32.Warezov.ev 14.88%
3 Return Email-Worm.Win32.Nyxem.e 9.89%
4 Return Email-Worm.Win32.NetSky.t 7.54%
5 -1 Email-Worm.Win32.Scano.gen 6.57%
6 +8 Net-Worm.Win32.Mytob.c 5.68%
7 -6 Email-Worm.Win32.NetSky.q 5.25%
8 Return Email-Worm.Win32.Zafi.b 4.40%
9 +3 Email-Worm.Win32.NetSky.aa 2.77%
10 Return Net-Worm.Win32.Mytob.t 2.01%
11 Return Email-Worm.Win32.LovGate.w 1.48%
12 +1 Email-Worm.Win32.NetSky.b 1.41%
13 New Email-Worm.Win32.Warezov.fh 1.29%
14 +1 Trojan-Spy.HTML.Bankfraud.od 1.08%
15 Return Net-Worm.Win32.Mytob.u 1.04%
16 New Email-Worm.Win32.Warezov.gl 0.97%
17 -6 Email-Worm.Win32.Warezov.do 0.87%
18 -10 Email-Worm.Win32.Mydoom.l 0.77%
19 -16 Email-Worm.Win32.Bagle.gen 0.76%
20 Return Net-Worm.Win32.Mytob.w 0.73%
Other malicious programs 12.34%

Autumn 2006 was a stormy season. For the third month in a row there's not only a new leader in our rankings, but the entire Top Twenty is once again in a state of flux. However, worms from the Warezov family were the main troublemakers, just as they were last month.

In November, Warezov.gj, a newcomer, took first place. This worm, which was first detected on November 22nd, only took one week to become the most widespread virus in email traffic, with an impressive share of over 18%! Only a few malicious programs have shown such record propagation rates in the first month of their existence - and all of them remained at the top of the charts for significant periods of time. However, I believe this won't be the case this time. Warezov.gj will probably fall sharply in December as the worm surrenders to the onslaught of its new "siblings".

This month's surprise was the triumphal return of our old acquaintance, Nyxem.e, which immediately shot to third position in the rankings. This worm will soon be celebrating an anniversary of sorts: it's nearly a year since was first detected. And it's become one of the most widespread viruses in all of 2006.

Nyxem's archrival, Mytob.c, has also improved its standing, shooting up eight positions. For several months we watched these worms battle for supremacy, but in October the Warezov.a hurricane swept all away. November's round of confrontation may yet result in both worms making it to the top five in December.

An equally notable comeback is that of the Zafi.b worm. No sooner had we bidden it farewell than it reappeared and started annoying users again with its messages in 18 languages. Eighth place in November is no mean achievement, and shows that the life cycle of this Hungarian worm is far from complete.

October's leader - NetSky.q - is once again moving down the charts. The history of this worm is quite interesting. After it first appeared in 2004, it remained a leader for a long time and became the most widespread worm of 2004. In 2005 it battled numerous Mytob variants for supremacy, and in 2006 it has alternately shot up the charts, or fallen off the bottom of the Top Twenty. In spite of all this, NetSky.q remains one of the most widespread worms in the entire history of the Internet. Meanwhile, for Sven Jaschan, who wrote this infamous worm, 16 of the 21 months of his suspended sentence have passed.

Several other worms besides Netsky.q are moving up and down the charts, as if plotting a sine curve. Two more historic worms, LovGate.w и Mytob.t, returned to the rankings to grace the middle of November's Top Twenty. .

All these examples demonstrate that worms can be split into two groups. Those in the first group circulate for years in traffic, sometimes increasing their share (when there are no other epidemics) and sometimes surrendering it to newcomers. Those in the second group emerge quickly, top statistics for a short period and then quickly disappear, often completing this cycle in a mere couple of weeks.

As for December forecasts, everything will depend on the authors of the Warezov worm. If they continue mass-mailing numerous variants of the worm, then next month these worms will account for at least 30% of all malicious programs in email. But if the authors of Warezov relax the pace or get themselves arrested (which is, unfortunately, less likely), the "old" worms, such as NetSky.q, Zafi,b and Mytob.c will gain ground once more.
Other malicious programs made up 12.34% of all malicious programs intercepted in mail traffic. This confirms that a large number of other worms and Trojans are still actively circulating.
Summary
New: Warezov.gj, Warezov.fh, Warezov.gl
Moved up: Warezov.ev, Mytob.c, NetSky.aa, NetSky.b, Bankfraud.od
Moved down: Scano.gen, NetSky.q, Warezov.do, Mydoom.l, Bagle.gen
Re-entry: Nyxem.e, NetSky.t , Zafi.b, Mytob.t, LovGate.w, Mytob.u, Mytob.w

The Online Scanner Top Twenty for November 2006 is available at Viruslist.com: http://www.viruslist.com/en/analysis?pubid=204791910

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Woburn, MA -- (ReleaseWire) -- 11/21/2006 -- Kaspersky Lab, a leading developer of secure content management solutions, has released its latest quarterly report, Malware Evolution: June - September 2006. Alexander Gostev, Kaspersky Lab's Senior Virus Analyst, described this period as 'the calm before the storm'.

You can find full version of the report at: http://www.viruslist.com/en/analysis?pubid=204791907. Here is its main essence:

After the stormy confrontation of ideas from those on both sides of the virus war, there was the inevitable period of calm, when both sides attempted to evaluate the results of their labours during the first six months of 2006. There were no significant epidemics, and no new proof of concept viruses either. All was relatively quiet on the virus front, with most of the activity being the everyday jockeying for position on the Internet. In spite of this, virus writers and cyber criminals still manage to come up with a few unpleasant surprises.

One major issue in the information security world today is vulnerabilities in Microsoft Office. Between April and June 2006 Word, Excel and PowerPoint all came under fire from the blackhats. In a mere three months, the number of security holes rose to close on a dozen. In the third quarter of 2006, Microsoft issued 6 patches, but every vulnerability had multiple Trojans, sometimes dozens, exploiting it. These malicious programs were detected either in mail traffic, or on users' machines.

The issue of vulnerabilities in Office was further complicated by the fact that virus writers seemed to be working around Microsoft's patch schedule, with their malicious creations being released a mere few days after a scheduled patch was released. This resulted in almost a month going by during which the latest vulnerabilities could be exploited by hackers, with users being left unprotected. According to Alexander Gostev, the highly unusual coordination among hacker groups looked like an attempt "seems like an attempt to discredit Microsoft as an information security specialist in general, and to specifically target the company's habit of releasing patches according to a defined schedule."

The situation remains extremely complex. Even more inventive attacks on Microsoft Office are expected as Microsoft has released Office 2007 into open beta testing, and this will give hackers and security researchers yet another target.

Between July and September 2006, it wasn't only the multiple vulnerabilities in Microsoft Office which posed a serious threat to users, but also two other security loopholes in Microsoft products: MS06-040 and MS06-055.

MS06-040 is the most dangerous ttype of currently known vulnerability, making itpossible for an attacker to execute arbitrary code via a network attack. Happily, the very nature of the vulnerability and the composition of the exploits were not so different from those which were already known (very similar to MS04-011 and MS05-039) and this made it possible for a lot of antivirus and firewall vendors to block the virus attacks without having to patch their products. An epidemic was averted, and August 2006 did not become another latest black month in the virus vs. antivirus calendar. MS06-055, a vulnerability in Internet Explorer, which was detected in September, related to VML processing, and would allow a remote malicious user to create a script which would execute arbitrary code on a victim machine when the user visited an infected site. In this case, Microsoft published an out-of-schedule patch in record time, and this significantly reduced the number of infections.

In the period under review, there were there were only a few pieces of mobile malware which stood out from the mass of primitive Skuller- like Trojans: Comwar 3.0, Mobler.a, and Acallno. Comwar 3.0 was the first Comwar variant to use file infecting technologies - the worm searches for other sis files on the phone, and writes itself to these files. This makes it possible for it to spread in yet another way, in addition to its traditional MMS and Bluetooth propagation routines. Mobler.a was the first cross platform virus capable of infecting both Symbian and Windows systems, proof of concept code from an unknown author. The worm propagates by copying itself from an infected computer to a handset. "Mobler.a should probably be seen as a new way of attacking personal computers, rather than purely a new way of penetrating mobile phones." believes Alexander Gostev. The Acallno Trojan, developed by a commercial firm, is designed to spy on the user of a designated telephone, and sends copies of all sent and received SMS messages to a specially configured number. The other novelty detected in the third quarter of 2006 was Wesber, a Trojan for J2Me; it's the second known Trojan that is capable of functioning both on smartphones and on the vast majority of modern handsets.

Russian Instant Messaging users were attacked by multiple Trojans, and most of all by the Trojan spy program LdPinch. Once the program has penetrated the victim machine, and harvested information which the remote malicious user wants, the Trojan then sends a link to the site where it's located to the user's ICQ contact list. In the third quarter of 2006, the Russian segment of the Internet was hit by several such epidemics, when hundreds and thousands of users received links from their contacts - links which promised 'funny pictures' or 'summer pictures'. The main problem is the human factor: users are very trusting of links which appear to have been sent by a friend or a contact. Alexander Gostev says "The advice that we gave a year and a half ago remains relevant. We recommend that system administrators and IT security professionals should be highly aware of the potential threat currently posed by IM, and should consider forbidding its use as part of the company's security policy."

In conclusion, Alexander Gostev takes stock of the current situation and looks to the future. The second stage of both virus and antivirus evolution is now complete. Today's virus writers and cyber criminals have adapted to the evolution of today's antivirus industry, and are not currently on the attack. Virus writers find the current reaction times of antivirus companies - which could be a few hours, or even minutes - acceptable, and have come to terms with what they can achieve within the window of opportunity provided. However, this is a state of uneasy equilibrium: as Alexander Gostev states, "if the situation is as I have described it, then something will have to change in the near future. Either antivirus companies will go on the attack, making a new concerted effort to quash the virus uprising, or virus writers will come up with something truly new, raising the bar for the antivirus industry as a whole."

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Moscow, Russia -- (ReleaseWire) -- 11/03/2006 -- Kaspersky Lab has intercepted a mass-mailing containing Trojan-Dropper.MSWord.Lafool.v. This mass mailing is unusual as messages appeared to be sent from mcafee@europe.com and allegedly originated from McAfee, an antivirus company.

Lafool.v is a Word document called "McAfee Inc. Reports.doc". The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the Internet.

The document contains a macro written in Visual Basic for Applications. Lafool.v extracts a new modification of LdPinch, a well known Trojan password stealing program, from itself, and launches it for execution. LdPinch steals passwords to a number of services and applications, including AOL Instant Messenger and ICQ, and other confidential user data. Kaspersky Anti-Virus detects the new variant of this program as Trojan-PSW.Win32.LdPinch.bbg.

The Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security Proactive Defense module will block the Trojan, including its attempts to:

1. execute a suspicious macro command
2. harvest personal data
3. start the Internet browser with command line parameters
4. send harvested data via the browser without the user's knowledge

The Trojan's activity is blocked if the user blocks at least one of these actions (LdPinch will either fail to start or will be unable to carry out its malicious payload. It should be noted that this technology for sending data without the user's knowledge was first implemented in the well-publicized PC Flank Leaktest (http://www.pcflank.com/pcflankleaktest.htm).

Kaspersky Lab believes that McAfee is in no way involved in the distribution of this Trojan and that the email address used in the messages (mcafee@europe.com) is fake and used in order to cause recipients to open infected messages.

An antivirus database update containing detection for Lafool.v was released on October 31st, 2006. Users of Kaspersky Anti-Virus are recommended to update their antivirus databases.

Users are also advised to be careful and refrain from opening messages from unknown senders and with suspicious attachments.

Additional information is available here:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=140927

Kaspersky Lab Information Service
10/1 1st Volokolamsky Proezd, Moscow, 123060, Russia
Tel./Fax: +7 495 797 87 00
e-mail: timur.tsoriev@kaspersky.com
http://www.kaspersky.com; http://www.viruslist.com

Visit us online at www.kaspersky.com/press

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm