Immediate Response to New Viruses: The Kaspersky Lab Int. Golden Rule

12 Oct 2000
Virus News

The European centre for IT security "Secusys" comments on the rapidity of anti-virus companies' response to new virus attacks

Cambridge, UK, October 13, 2000 - On 10 October, Kaspersky Lab Int. received several reports from France about the discovery of a new modification of the "KakWorm" Internet worm "in the wild." As was noted in the statement issued by the European centre for IT security "Secusys", Kaspersky Lab proved to be the most proactive and expeditious when delivering an emergency-cure module against new viruses attacks. In short, Kaspersky Lab was the first anti-virus company to produce and deliver an antidote against this new worm modification.

"We informed computer users about the new virus outbreak in less than one hour after it had first been discovered. Right after this, we sent a notification to the world's leading anti-virus companies," said Roland Garcia, leading anti-virus expert for Secusys.

According to Mr. Garcia, he was disappointed about the reaction time to this new virus as shown by anti-virus software vendors. Only Kaspersky Lab demonstrated concern about its customers' security and issued an emergency anti-virus database update in a timely fashion.

"With much regret, I should note that we haven't received any news days after Kaspersky Lab," Mr. Garcia added.

Immediate response to new virus attacks is one of Kaspersky Lab's main priorities when delivering customers comprehensive virus protection backed up by first-class round-the-clock technical support.

"We believe this is what makes computing really secure: users should have protection installed before a virus strikes," said Den Zenkin, Head of Corporate Communications for Kaspersky Lab.

"Our unique system for producing anti-virus database updates enables us to issue updates as frequently as it is needed. In fact, we are already delivering our customers real-time updates. In case a new virus is discovered, they can download a cure immediately before a regular update is released," said Eugene Kaspersky, Head of Anti-Virus Research.

About "KakWorm.d"

Unlike other KakWorm family members, this modification is able to replicate only under the French version of the Windows operating system.

In order to penetrate into computers, these worms use an Internet Explorer 5.0 security breach called "Scriptlet.Typelib Vulnerability." In order to transfer the worm to a computer, a user only needs to read the infected message without opening any attached objects. After this, the worm creates an OUT.HTA file in the Windows start-up folder. In turn, it modifies the system registry in such a way that each outgoing e-mail message will have an additional signature with KakWorm hidden inside.

To prevent infection by KakWorm, we recommend installing an Internet Explorer 5.0 security patch available for free on the Microsoft Web site at http://support.microsoft.com/support/kb/articles/Q240/3/08.ASP.

To learn more about the KakWorm family and countermeasures, please visit the Kaspersky Lab Virus Encyclopedia.

AntiViral Toolkit Pro (AVP) can be purchased at the Kaspersky Lab online store at the following address: http://www.digitalriver.com/dr/v2/ec_Main.Entry?SP=10007&SID=25571&CID=0.