Opasoft is Back and More Dangerous Than Ever

21 Oct 2002
Virus News

:though not for users of Kaspersky Anti-Virus.Kaspersky Lab, an international data-security software developer, announces the detection of a new modification of the network worm "Opasoft" (also known as "Opaserv" and "Brasil"). Kaspersky Lab has already recorded numerous registered infections at the hands of this dangerous program. The main distinctions marking this new "Opasoft" modification are that it is compressed with the UPX file packing utility and encrypted with the PCPEC utility. The result being the shortened length of the file bearing the worm and an altered external appearance, however, the worm's functionality has not changed. The new modification's actions almost fully correspond to those of the original version. Thanks to its unique technology for unpacking files, Kaspersky Anti-Virus is the only anti-virus program that protects computers from the new Opasoft modification without requiring an update of anti-virus database signatures. All Kaspersky Anti-Virus products correctly define the type of compression used to extract the real content of the files and dig out the malicious program. Therefore, Kaspersky Anti-Virus users were protected against this Opasoft modification even before it appeared. Archive and compression utilities present considerable problems for modern computer virology. For this reason, in order to make malicious code unrecognizable for anti-virus programs it is enough to pack it with a compression utility and not make any actual alterations. Due to this, anti-virus developers must add to their virus databases a way to detect compressed versions, a procedure that can sometimes take several days - a delay that could give plenty of time for a malicious program to penetrate computers and cause irreparable harm. "This problem is one of the keys in the battle with new viruses. Virus authors have long known how to, without effort, outwit anti-virus software and thereby widely use compression and encryption methods", commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab - "Specifically to respond to this we decided to find a different path to defend users against each specific virus modification by supporting utilities used for encryption and compression." Practice shows that such an approach is more effective: Kaspersky Anti-Virus many times over has proven to be the singular anti-virus program to detect harmful programs (including ZippedFiles, Nimda and Lentin among others) without any virus database updates. Presently, Kaspersky Anti-Virus supports 671 different archived and compressed file formats, the largest amount amongst all anti-virus programs. Owing to this technology our users are protected against dangerous programs contained within archived and compressed files. More detailed information about the "Opasoft" worm and its new modified version can be found in The Kaspersky Virus Encyclopedia.