Kaspersky Lab Int. offers a unique protection against script-viruses for FREE!
According to the virus prevalence table published in the June issue of the
British "Virus Bulletin"
magazine - one of the most authoritative publications for computer viruses countermeasures - for
the first time history, a virus took first place in written script programming
language, spreading via e-mail without using attached files. 17.9% of the virus
incidents registered in April 2000 were caused by the Internet-worm "KakWorm,"
originally discovered at the end of the last year.
The main distinction of the "KakWorm"-style viruses is that they spread via
e-mail without using attached files. The virus is hidden inside of the body
of an infected message and it activates each time a user reads the message.
For instance, if a user activates the preview panel in his e-mail program, then
simply by using the cursor, a user can trigger the infected message without
doing anything else.
Another feature of this type of viruses is that they are created using script
programming languages (Java Script etc.). Script-programs (including script-viruses)
are available in primary source code that enables virus writers to easily modify
them and produce new virus variations. Many anti-virus vendors should analyse
each of the viruses and issue a new update for their anti-virus software. During
that period users stay unprotected.
"Nevertheless, the "KakWorm" itself is rather harmless.� Its clones could be
of a great danger for computer users. We see they could be as destructive as
the infamous "Chernobyl" virus. There are ways of making these viruses format
disks or even crash micro chips," said Eugene Kaspersky, Head of Anti-Virus
Research at Kaspersky Lab.
All known "KakWorm"-style viruses exploit a well-known security breach in MS
Internet Explorer named "TypeLib Security Vulnerability." As soon as the breach
was discovered, Microsoft released a special security patch available for free
at the company's
web site. However, the aforementioned figures from "Virus Bulletin" show
that there are still many users who ignore this warning, leaving their computers
vulnerable.� A rather illustrative example is the spreading of "KakWorm" by
the ShoppingPlanet.com online store to more than 50,000 of its subscribers.
Another way to protect computers from "KakWorm"-style script-viruses is to
use anti-virus software. The problem is that commonly used anti-virus scanners
(on-demand scanners) are not effective, because once the computer is "cleaned,"
it could be easily damaged again just by reading the infected message. Background
anti-virus monitors (on-access scanners) could be useful to detect the virus
at the moment it writes its code onto the disk. However, they are not able to
a prevent script-viruses activation, since the viruses are executed directly
in operating memory without leaving any traces on the disk. Thus, a "KakWorm"-style
script-virus can do anything (including backdoor activities, installation of
third-party malware, etc.) until it reveals itself by placing data on the disk.
Only at this moment does the anti-virus software detect it.
The described situation requires the use of a new type of anti-virus interceptors
able to prevent script-viruses even in the system memory.
In the beginning of May Kaspersky Lab announced its new unique product AntiViral
Toolkit Pro (AVP) Script Checker - a new generation of anti-virus software to combat script-viruses of this type.
This program acts as a filter between the script program (it doesn�t matter
whether it is malicious or not) and the script programs processor that executes
it. AVP Script Checker intercepts the script program in operating memory before
it is executed by a processor and sends it to the on-access scanner AVP Monitor
for checking. If the AVP Monitor detects any viruses, it blocks the program
and alerts the user. If it doesn�t detect anything suspicious, it returns the
program back to the AVP Script Checker. Then, the AVP Script Checker activates
its powerful built-in heuristic analyser and checks for unknown viruses. If
there is anything suspicious, it alerts the user and prevents the program from
being executed. Only if the program has successfully passed all the tests are
it permitted to be executed and pass on to the script programs processor.
The AVP Script Checker could also be used on any PC-compatible computers even
if there is no AVP Monitor installed. In this case, all script-programs will
be checked only by the built-in heuristic analyser. "It is very important to
note that the AVP Script Checker is extremely useful not only against "KakWorm"-style script viruses, but against all types of script-viruses. During the recent "LoveLetter" epidemic the product successfully detected 100% of all variations of this virus without any additional updates to anti-virus database required," said Eugene Kaspersky.
Kaspersky Lab announces that the AVP Script Checker will be available FREE
of charge until July 1. During this time, you can download the program from
the Kaspersky Lab web site at www.kasperskylabs.com.
You can purchase AntiViral Toolkit Pro (AVP) family products online via the
To find the nearest AVP reseller click here.