
Quote of the week: Are we doing enough to improve the global IT security landscape?


Vitaly Kamluk, Chief Malware Expert, Global Research and Analysis Team, Kaspersky Lab:

“Hundreds of thousands of machines are joining botnets every month. Most of these botnets are used to propagate spam or distribute malware that can be used in cyber espionage. Some of them are used in DDoS attacks or as proxies to commit other cybercrimes.

Botnets are a major threat to both the average user and corporations; however, the countermeasures we take are about as much use as measures a tiny mouse might take in protecting itself against a tiger: immensely inadequate. One could think that laws should be able to help us. Indeed, there is a law that prohibits unauthorized access to remote systems, i.e., third parties cannot use the resources of the other’s machine. However, cybercriminals successfully bypass this law. They utilize and exploit systems in any way they want – to commit crime, earn money, etc. At the same time we researchers come up against the same law – but in our case it prevents us from fighting botnets.

As an example of what could be done but cannot even be contemplated, there are over 53 000 command and control (C&C) centers on the Internet (source: www.umbradata.com). In many cases we know where the C&C centers of these botnets are, so in theory we could contact the owner’s Internet Service Provider and ask it to take it down or to pass control of the center to us. This would be the right decision if we didn’t want to leave all those thousands of infected machines online - continuing to attack other machines. We could issue a command for a bot to self-destroy itself from within the botnet infrastructure (starting from the command center) and then take it down. But unfortunately this represents unauthorized access, and we are not allowed to issue such a command.

Clearly we need changes to improve the situation. And first of all we need the law enforcement agencies of all nations to consider doing a few things:

  • Carrying out mass remediation via a botnet;
  • Using the expertise and research of private companies and providing them with warrants for immunity against cybercrime laws in particular investigations, so they can collect more evidence, or bring down a malicious system when it cannot be accessed physically;
  • Using the resources of any compromised system during an investigation - so that we can place traps on compromised machines to get the source IP addresses of the attackers, and to bypass the mechanisms they use to hide their identities;
  • Obtaining a warrant for remote system exploitation - only in the cases when no other alternative is available. Of course this could result in cyber espionage. But if it is done properly – if the warrant is given for a particular system, in a particular case, for a particular timespan – this could bring positive results. Indeed, it could significantly change the cyber-threat landscape.”

For more information about taking down botnets, please watch the online press conference video which takes an in-depth look at the subject.


Kaspersky Lab Top Management Ranked Most Powerful Voices in IT Security


Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that Eugene Kaspersky, Chairman and CEO of the company, has been ranked as the Most Powerful Security Executive in the world by Internet technology publisher SYS-CON Media. Mr. Kaspersky was also ranked among the Top 25 Most Powerful Voices in Security in the same source survey SYS-CON Media used for the rankings - appearing sixth on the list. As the world’s most powerful security executive, he is listed as having 5,035 times more broadcast power reach than an active Internet user with an average level of impact, influence and use of social tools. Besides, Eugene’s colleague Nikolay Grebennikov, Chief Technology Officer of Kaspersky Lab, also figures on the Top 100 Most Powerful Voices in Security.

Commenting on his ranking, Eugene Kaspersky said: “It is a great honor for me to be named one of the most powerful voices in the IT security industry and the most powerful security executive in the world. I believe it is extremely important to spread the word about IT threats. People should be aware of them and be well prepared to face the risks that lie ahead. Faced with today’s growing cyber-crime, we all need to be properly educated and to join forces to keep the world safe.”

The ranking by SYS-CON Media of the Most Powerful Voices (MPV) in Security is based on a survey of more than 140 security company executives, 320 bloggers and people in media, 100 of the top experts in cloud computing, 30 people involved in specialized organizations, over 20 government officials, over 130 leading CISOs, and 75 industry analysts from notable firms such as Gartner, IDC, Forrester, ESG, and others. In total more than 800 influential people were surveyed.

The metrics used in the research, which measured both broadcast power and profundity, were identified through a number of studies performed across several industry categories. The MPV formula is based on "reach" by examining the number of followers and buzz an individual has on sites like Google and Twitter and many others. The estimation of the impact an individual has with his followers and subscribers is based on the amount of buzz created around blog posts, tweets, Quora answers, LinkedIn groups, and other messages, as well as on the frequency of references in the blogosphere.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solutions providers. Learn more at: www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit: www.viruslist.com.

About SYS-CON Media

SYS-CON Media, founded in 1994, is widely recognized in the Internet-technology and magazine publishing industries as the world's leading publisher of i-technology magazines, electronic newsletters, and accompanying i-technology breaking news, education and information Web portals. The company has further solidified its dominant role in the i-technology space with the 2001 launch of an events business, SYS-CON Events (trade shows, conferences, and education). For further information visit www.sys-con.com.


Kaspersky Lab Granted New Anti-Spam Patent in the USA


Kaspersky Lab, one of the leading developers of secure content and threat management solutions, announces that it has been granted a new anti-spam patent in the USA – No. 8023697 – which covers a system and method for identifying spam in rasterized images. The application was filed earlier this year, and the patent was granted on September 20, 2011.

Spam filters currently have little problem detecting spam text messages. That is why spammers often use stealth technology to hide the text of unwanted messages in images. Filtering graphical spam is far more difficult: before an anti-spam filter can establish whether the text in a message is spam, it must first detect the text in an image. The majority of methods used to detect text in images are based on machine recognition of images. Machine recognition, however, requires uniformity in terms of size, style and the arrangement of symbols. This restriction is exploited by spammers who intentionally distort and create ‘noise’ in images to make detection more difficult.

Kaspersky Lab’s technology protected by this new patent was designed to effectively detect text and spam objects in raster images. This approach provides high-speed detection and can recognize spam text in almost any language.

The newly patented technology is based on a method of identifying objects in a raster image and tracing the contours of identified objects. Objects in the image are identified by tracing contours around each object. Based on the traced contour a signature of each object is generated. Whether or not the image contains text is determined by a comparison of the discovered object signatures and known spam image signatures. The new system can also effectively detect text in an image and compare it to known spam templates contained in databases.
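The pipeline described above, as an added example (not Kaspersky Lab's code and not taken from the patent): Moore-neighbour contour tracing on a binary raster, with a chain-code direction histogram standing in for the object signature. The tracing method, the signature, the match threshold, and the sample image and templates are all assumptions constructed for illustration.

```python
# Added illustration: contour tracing + signature matching on a binary raster.
# Assumed, not from the patent: Moore-neighbour tracing, a chain-code
# direction histogram as the signature, and the L1 threshold used below.

# The 8 neighbours in clockwise order as seen on screen (y grows downwards):
# W, NW, N, NE, E, SE, S, SW. The list index is the direction code.
DIRS = [(-1, 0), (-1, -1), (0, -1), (1, -1), (1, 0), (1, 1), (0, 1), (-1, 1)]


def ink(img, x, y):
    """True if (x, y) lies inside the raster and is a foreground pixel."""
    return 0 <= y < len(img) and 0 <= x < len(img[y]) and img[y][x] == "#"


def trace_contour(img, start):
    """Chain code of the outer contour of the object containing `start`.

    `start` must be the object's first pixel in raster order, so its western
    neighbour is background and can serve as the initial backtrack pixel.
    """
    chain, p, back, first = [], start, 0, None
    for _ in range(8 * sum(len(row) for row in img)):  # safety bound
        for k in range(1, 8):  # sweep clockwise from the backtrack pixel
            d = (back + k) % 8
            q = (p[0] + DIRS[d][0], p[1] + DIRS[d][1])
            if ink(img, *q):
                break
        else:
            return []  # isolated pixel: nothing to trace
        if (p, d) == first:  # about to repeat the first move: contour closed
            break
        if first is None:
            first = (p, d)
        chain.append(d)
        # From q, point back at the last background pixel the sweep examined.
        back = (d + 6) % 8 if d % 2 == 0 else (d + 5) % 8
        p = q
    return chain


def find_objects(img):
    """Trace every 8-connected object once; return one chain code per object."""
    seen, chains = set(), []
    for y, row in enumerate(img):
        for x in range(len(row)):
            if not ink(img, x, y) or (x, y) in seen:
                continue
            chains.append(trace_contour(img, (x, y)))
            seen.add((x, y))
            stack = [(x, y)]
            while stack:  # flood fill so the object is not traced again
                cx, cy = stack.pop()
                for dx, dy in DIRS:
                    n = (cx + dx, cy + dy)
                    if ink(img, *n) and n not in seen:
                        seen.add(n)
                        stack.append(n)
    return chains


def signature(chain):
    """Share of contour steps in each direction: shift- and scale-tolerant."""
    return [chain.count(d) / len(chain) for d in range(8)]


def classify(img, known, threshold=0.3, min_len=4):
    """Names of known signatures matched by objects in the image, in scan order."""
    hits = []
    for chain in find_objects(img):
        if len(chain) < min_len:
            continue  # specks added as noise carry no usable contour
        sig = signature(chain)
        name, dist = min(
            ((n, sum(abs(a - b) for a, b in zip(sig, s))) for n, s in known.items()),
            key=lambda pair: pair[1],
        )
        if dist <= threshold:
            hits.append(name)
    return hits


# Constructed templates standing in for a database of known spam objects.
TEMPLATES = {"box": ["###", "###", "###"], "bar": ["#####"]}
KNOWN = {n: signature(trace_contour(t, (0, 0))) for n, t in TEMPLATES.items()}

# Constructed image: a larger box with a one-pixel bump (noise), a longer bar,
# a diagonal stroke that matches nothing, and an isolated speck.
IMAGE = [
    "######...#######.",
    "######...........",
    "######...........",
    "#######..#.......",
    "######....#......",
    "######.....#...#.",
    "............#....",
]

if __name__ == "__main__":
    print(classify(IMAGE, KNOWN))
```

The bumped box still matches because one stray pixel shifts only a small share of its contour steps, while the diagonal stroke has no steps in common with either template.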

At present Kaspersky Lab technologies are protected by 43 Russian and 34 US patents, and the company has a further 32 and 47 patent applications in the two countries, respectively. A further 42 patent applications covering innovative technologies in the information security field are currently being examined by the Chinese and European patent offices.


Quote of the week: Malware Explosion for Mac OS X


Marco Preuß, Head of the Global Research and Analysis Team, Germany, Kaspersky Lab:

“The amount of virus samples has grown over the last few years, in line with Apple's increasing market share.

Since Apple's switch to the Intel platform, the cybercriminals have begun to create and distribute malicious software far more aggressively. Nowadays there are over one thousand threats targeting the Mac platform alone, not to mention a vast number of scripts and multi-platform threats.

Over the last few years we’ve seen several attempts by the cybercriminals to gain ground in the Apple market. Most of their attempts involved social engineering methods designed to drop Rogue AVs, Spyware and Backdoors. The year 2009 saw the formation of a botnet designed to launch DDoS attacks and consisting of approximately 20,000 infected Macs. Malware attacks were not the only problem either; phishing attacks targeting Apple services like iTunes were also noted.

However, last week we tracked a really enormous attempt to spread Rogueware targeting Macs. The cybercriminals used black hat SEO techniques to poison search results in popular search engines. For instance, they tried to use searches focusing on the killing of Osama Bin Laden as a vehicle for distributing Rogue AVs such as MACDefender. These threats try to scare users by informing them that their systems are infected and then try to extort money on the pretext of offering antivirus programs supposedly able to disinfect the targeted machine. We’ve spotted several different threats of this kind, which is also popular on Windows systems.

A second critical development is the recently spotted underground announcement of a crimeware kit for the Mac platform, as reported by Peter Kruse from CSIS. The cybercriminals seem to be building automated, easy to use tools to target Macs just as they already have for Windows systems. This kind of threat will lead to more widespread attacks and the possible use of exploit techniques on Macs.

It’s very important that Apple users make themselves aware of this situation and protect their Macs - as Macs can be infected too!”

Please follow these links to get more information about latest Mac OS threats:
“Mac Protector: Register your copy now!”
“Mac Protector: Register your copy now! Part 2”
“An unlikely couple: 64-bit rootkit and rogue AV for MacOS”
“More fakeAV for MAC. This time it’s massive”


Teamwork: How the ZitMo Trojan Bypasses Online Banking Security


Mobile transaction authorization numbers (mTAN) used to be one of the most reliable online banking protection mechanisms. However, with the emergence of a ZeuS Trojan for smartphones – ZeuS-in-the-Mobile, or ZitMo – mTANs can no longer guarantee that valuable user data will not fall into the hands of cybercriminals.

First detected in late September 2010, ZitMo is designed to steal mTAN codes sent by banks in text messages and remains one of the most interesting examples of malware for mobile phones. “First of all, it is cross-platform in nature: we detected versions for Symbian, Windows Mobile, BlackBerry and Android,” explains Denis Maslennikov, Senior Malware Analyst at Kaspersky Lab. “It is a Trojan with a very narrow specialization: its main aim is to forward incoming text messages with mTAN codes to malicious users (or a server, in cases involving ZitMo for Android) so that the latter can execute financial transactions using hacked bank accounts. But perhaps its most distinctive feature is its ‘partnership’ with the classic PC-based ZeuS Trojan. Without the latter, ZitMo is merely spyware capable of forwarding text messages. The ‘teamwork’ between the two components enables cybercriminals to successfully bypass mTAN security measures used in online banking.”

The attacks are generally orchestrated as follows:

  1. Cybercriminals use the PC-based ZeuS to steal the data needed to access online banking accounts and client mobile phone numbers.
  2. The victim’s mobile phone (see point 1) receives a text message with a request to install an updated security certificate, or some other necessary software. However, the link in the text message will actually lead to the mobile version of ZeuS.
  3. If the victim installs the software and infects his phone, the malicious user can then use the stolen personal data and attempt to make cash transactions from the user’s account, but will need an mTAN code to authenticate the transaction.
  4. The bank sends out a text message with the mTAN code to the client’s mobile phone.
  5. ZitMo forwards the text message with the mTAN code to the malicious user’s phone.
  6. The malicious user is then able to use the mTAN code to authenticate the transaction.

Attacks involving ZitMo or malicious programs with similar functionality that are designed to steal mTAN codes or other confidential information will no doubt continue in the future. Therefore users of smartphones should remember some important rules of mobile security: always review the permissions that an application requests at install time; do not root or otherwise 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can. If you do install Android software from a source other than the Market, be sure that it is coming from a reputable source. Don’t click the URLs you receive in spam SMS. Run a reputable antivirus on your phone, and keep it up to date. Install any and all security patches as soon as they are available.
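One way to apply the permission-review rule above to a decoded AndroidManifest.xml, as an added example that is not from the original article. The rule (SMS read access combined with an outbound channel, plus a prioritised SMS receiver) is an assumption derived from the forwarding behaviour described; both sample manifests, their package names and the finding codes are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the Android XML namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"

READ_SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# The two ways the article says an intercepted mTAN leaves the phone.
RELAY = {
    "android.permission.SEND_SMS": "forward it to another phone by SMS",
    "android.permission.INTERNET": "upload it to a server",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def audit_manifest(xml_text):
    """Return (code, detail) findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = []

    # Reading incoming SMS is only dangerous together with a way out.
    readers = sorted(perms & READ_SMS)
    if readers:
        for perm in sorted(perms & set(RELAY)):
            detail = f"{', '.join(readers)} with {perm}: can read an SMS and {RELAY[perm]}"
            findings.append(("SMS_RELAY", detail))

    # A positive priority on an SMS_RECEIVED filter asks to see incoming
    # messages ahead of lower-priority receivers.
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            priority = flt.get(ANDROID + "priority", "0")
            if SMS_RECEIVED in actions and priority.isdigit() and int(priority) > 0:
                name = receiver.get(ANDROID + "name")
                findings.append(("SMS_PRIORITY", f"{name} priority={priority}"))
    return findings


# Constructed sample: an app posing as a certificate update.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.certupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsListener">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: network access alone is not a finding.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label)
        for code, detail in audit_manifest(manifest):
            print(f"  {code}: {detail}")
```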

For more details on the ZitMo Trojan and how it functions on different mobile platforms, see Denis Maslennikov’s article ‘ZeuS-in-the-Mobile – Facts and Theories’ at: www.securelist.com.


“Advanced+” for Kaspersky Anti-Virus 2012 in AV-Comparatives’ On-Demand Malware Test


Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that its product Kaspersky Anti-Virus 2012 has been awarded the “Advanced+” grade – the highest possible – in On-Demand testing for malicious software detection and false alarms conducted by respected independent anti-virus testing laboratory AV-Comparatives.

The on-demand testing – a classic AV evaluation method – was conducted on 20 well-known, up-to-date anti-virus products of different manufacturers in August 2012, and the final results were published on September 27. Approximately 200,000 recent, prevalent malware samples were used in the testing, and Kaspersky Anti-Virus 2012 successfully detected 98.3% of them; some of the other products tested detected around just 85%; the average score was 96.2%.

The 20 AV products were also tested for the number of false positives they showed up - that is, how many out of hundreds of thousands of clean files were falsely indicated as malicious. Kaspersky Anti-Virus 2012 returned just one false positive, which is another superb result - especially when one considers that the highest grade in this test is named “Few” [false positives] and a product can achieve this best-of-the-breed status with even as many as 15 false positives. Some of the other products tested gave results in the 50s - firmly in the “Many” category. Besides, it should be noted that the single false positive that Kaspersky Anti-Virus 2012 did show up is hardly ever found in real-world situations. Nevertheless, it was immediately fixed.

Nikita Shvetsov, Director of Anti-Malware Research of Kaspersky Lab, said: “We are glad to see that AV-Comparatives is working on increasing the quality of the test collection, and we think that the 200 000 files used in the latest test represent accurately the situation with real-life prevalent malware today. However, an On-Demand test doesn’t show up all the capabilities of a product, since it only tests a limited number of AV technologies. Therefore, for a full-fledged comparison, we would recommend also looking up Whole Product Dynamic tests and Proactive tests, which are also regularly conducted by AV-Comparatives and other reputable testing labs.”

More detailed information on the results of the testing can be found at:
http://www.av-comparatives.org/images/stories/test/fp/avc_fp_aug2011.pdf


Quote of the week: Security and privacy issues of iCloud servers


Costin G. Raiu, Director of the Global Research and Analysis Team of Kaspersky Lab:

“With Apple releasing iCloud for developers, the battle for domination in the market of cloud-centric OSes is finally breaking out. The real key point here is of course iOS5 – the new Apple operating system that will take full advantage of clouds. This indicates that Apple is moving in exactly the same direction as Google and Microsoft by designing and planning to deploy an operating system that is fully integrated with the cloud. This is further confirmed by Steve Jobs' statement regarding Apple’s long-held interest in the creation of an operating system that doesn't rely on local file system storage.

Interestingly, Apple has chosen a different path from Google here: while Google – with ChromeOS – is trying to push users into using their cloud storage, iCloud is presented as an added feature, which can be purchased separately from the hardware.

So, what does this mean from a security point of view? Basically, we are talking about the same class of risks as ChromeOS – all your digital content might be available to anyone who knows your password. I believe it's completely reckless nowadays to provide such a service without two factor authentication, which makes it prone to basic data theft techniques.

Of course, even if security is indeed improved through multi-factor authentication methods, we are still faced with the issue that all the data is available on the cloud, in one place. Just as Sony recently learned, the cloud is not always impenetrable - on the contrary, its fundamental nature makes it an interesting target for cybercriminals, and no doubt it will continue to be a focus for them.

In a hypothetical case when both the cloud and client devices are 99.99% secure, we still have another vulnerable layer - the network which will communicate, send, receive and authenticate customers. From this point of view we may face a new growth of attacks on the network layer – when user information can be intercepted, faked, denied and distorted. Therefore, we might see new and more sophisticated attacks on the network layer side”.


Kaspersky Lab’s New Endpoint Protection Solution Makes Businesses Ready for the Next Cyber Threat


Kaspersky Lab announces the release of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center. The new endpoint protection solution and comprehensive management console are designed to keep businesses ahead of emerging threats with intelligent security solutions from the leading anti-malware experts at Kaspersky Lab.

“With this new release we deliver a comprehensive Endpoint Protection Platform that consists of seamlessly integrated security modules. We have merged real-time, cloud-assisted protection with intelligent proactive endpoint protection, and have created a compelling security center that will help companies of all sizes protect themselves against emerging IT threats, including targeted attacks, and thus improve their productivity,” said Petr Merkulov, Chief Product Officer of Kaspersky Lab.

Deep anti-malware protection, based on Kaspersky Lab’s strong expertise and balanced global footprint, is supplemented with a broad set of IT security features, including Application Control, Web Filtering, and Device Control. Kaspersky Endpoint Security 8 for Windows integrates with a cloud-based security intelligence system, which provides real-time updates for new and unknown threats and support for application whitelisting.

The efficiency of Kaspersky Endpoint Security 8 for Windows has been proven in the first independent testing, conducted by AV-Test.org, the reputable German independent research center. A total of seven corporate security solutions from different vendors were evaluated in the testing, and Kaspersky Endpoint Security 8 for Windows was awarded the highest number of points. Specifically, Kaspersky Lab’s corporate solution successfully detected 100% of widespread malware samples, blocked all zero-day malware attacks, and returned the best result in the detection and removal of active malware from an infected machine. Detailed results of Kaspersky Endpoint Security 8 for Windows in the independent testing can be found at AV-Test.org.

Kaspersky Endpoint Security 8 for Windows is managed by a newly designed Kaspersky Security Center, which succeeds the Kaspersky Administration Kit. This new management console presents many new features for comprehensive control and manageability, supports physical as well as virtual environments, and is scalable to fit the needs of growing businesses.

Common Threats in the Corporate Environment


According to a recent Kaspersky Lab survey, in the past 12 months at least one IT Security incident was experienced by 91% of the companies surveyed. Almost a third of company representatives questioned admitted that they had incurred sensitive data loss as a result of malware infection.

Though malware attacks are the most common type of business security threat, only 70% of the companies surveyed have fully implemented anti-malware protection; 3% have no anti-malware protection at all.

The list of the most immediate current threats also includes potentially dangerous software vulnerabilities, network attacks (including targeted and DDoS attacks), phishing, and spam. Large companies in developing markets are those most frequently targeted by cybercriminals.

Besides protection from malware, most companies also actively use client firewalls as well as tools for vulnerability checks and updating software. But for protection of corporate infrastructure to be fully effective a security policy covering all endpoint devices needs to be enforced too. Control over programs used, network activity, and external devices can reduce the risk of unauthorized access to sensitive data and thus prevent possible financial losses.

Further reading: the whitepaper on Typical IT Security Mistakes in the Corporate Environment.

Key Features


The new versions of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center provide intelligent protection by seamlessly harnessing new and improved features. The most notable among them are:

  • Enhanced Protection: The new anti-virus engine incorporates improved pattern-based signature technology, which offers efficient malware detection with smaller update sizes. The System Watcher module constantly monitors program activities and can undo damage caused by malicious programs.
  • Integration with the cloud: Kaspersky Endpoint Security 8 for Windows integrates with the Kaspersky Security Network, a cloud-based threat intelligence database that gathers and exchanges file, URL reputation and malware information in near real-time. Kaspersky Lab’s products and technologies protect more than 300 million users spread relatively evenly over five continents. This provides a balanced global footprint of “sensors” as well as knowledge of region-specific threats, and allows Kaspersky Lab to provide rapid and highly effective protection for businesses.

For more details read the Kaspersky Security Network whitepaper.

  • Application Control and Whitelisting strengthen companies’ security stance against targeted attacks by enabling IT administrators to set policies to:
    • allow or block certain applications (or application categories) using Application Startup Control;
    • monitor and restrict certain applications’ activities using Application Privilege Control; and
    • monitor and prioritize application vulnerabilities using the Application Vulnerability Monitor. This provides IT administrators with centralized reports about the most critical vulnerabilities of installed software and informs about possible risks.

For more details read the Application Control and Whitelisting whitepaper.

  • Endpoint Control: In addition to Application Control, this new solution provides effective tools for device control and web filtering, and enforces corporate security policies in order to reduce the attack surface. Device Control allows companies to create flexible and granular policies to manage device access privileges as per bus, device type, or individual device serial number. Web Filtering allows blocking of malicious websites and undesirable web content. Together with protection from web-based threats, Web Filtering ensures highly secure Internet access - especially important for remote or roaming workers.

For more details read the Endpoint Control whitepaper.

  • Intelligent Personal Firewall and Intrusion Detection System for enhanced protection from network attacks, regardless of connection type or location.
  • Manageability, scalability and virtualization support: Kaspersky Security Center is a centralized security management system that can create actionable reports on all aspects of IT security. This new management solution is fully scalable and supports virtualization technologies within the Security Center administration structure.
    • Manageability: Kaspersky Security Center is a central management and deployment console for Kaspersky Lab’s endpoint security solutions. It can use pre-defined policies and settings to provide immediate out-of-the-box protection, or be fine-tuned to allow for more precise and specific safeguards.
    • Virtualization support with scalability: Kaspersky Security Center is fully scalable and optimized to be used in virtualized environments, and supports VMware’s virtual machine management. Installation and maintenance of relevant Kaspersky Lab solutions on non-persistent virtual machines is also possible. There is also an option to create a two-level administration server hierarchy on a single physical server in order to reduce operating costs and set up an easily scalable security management system. This feature requires no third party virtualization tools.

For more details read the Virtualization Enhancements whitepaper.

Quotations


Eugene Kaspersky, Chief Executive Officer and co-founder, Kaspersky Lab

“Kaspersky Endpoint Security 8 for Windows is a key addition to our comprehensive security suite, which helps businesses to be ready for the next challenge in IT security. It combines efficient anti-malware protection with a broadened feature set, designed to build stronger corporate security policy and control the attack surface. Our new products offer near real-time hybrid protection by tightly integrating signature-based, proactive, and cloud-assisted detection technologies.”

Nikolay Grebennikov, Chief Technology Officer, Kaspersky Lab

“One of the major benefits of Kaspersky Endpoint Security 8 for Windows is comprehensive Application Control and Whitelisting functionality. It is backed by the cloud-based Kaspersky Security Network with a superior categorized database of legitimate applications. It also offers a flexible and efficient Default Deny scenario, under which the startup of all applications on endpoint PCs is blocked, except for those listed in the cloud-assisted and local Whitelisting databases. Unlike the widespread Default Allow mode, this method radically enhances corporate IT security, saves IT resources and at the same time is convenient for employees.”

Pricing and availability


Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center are included in Kaspersky Open Space Security, a corporate IT security platform developed by Kaspersky Lab. Please contact a Kaspersky Lab representative to check the products’ availability and prices.

About Kaspersky Lab

Kaspersky Lab is the world's largest privately-held Internet Security company, providing comprehensive protection against all forms of IT threats such as viruses, spyware, hackers and spam. The company's products provide in-depth computer defense for more than 300 million systems around the globe, including home and mobile users, small and medium sized businesses and large enterprises. Kaspersky technology is also incorporated inside the products and services of nearly 100 industry-leading IT, networking, communications and applications solution vendors. Learn more.


Kaspersky Lab, Kyrus Tech and Microsoft Disable the Hlux/Kelihos Botnet


In their ongoing assault against botnet operators and the hosting companies that allow anonymous domain registrations which facilitate them, Kaspersky Lab, Microsoft and Kyrus Tech have successfully worked together to take out the Kelihos botnet, originally named Hlux by Kaspersky Lab. Kelihos was used for delivering billions of spam messages, stealing personal data, performing DDoS attacks and many other criminal activities, via an estimated 40,000 computers. Microsoft has also taken legal action against 24 individuals in connection with the infrastructure behind the botnet in a civil case that enabled the takedown of the domains being used to command and control the botnet. Microsoft’s legal action included declarations submitted to court to which contributions were made by Kaspersky Lab, and also a direct declaration from Kyrus Tech providing detailed information and evidence regarding the Kelihos botnet.

Kaspersky Lab has played a pivotal role in taking down the botnet, tracking it since the beginning of 2011, when it started collaborating with Microsoft in tackling Kelihos, including sharing its live botnet tracking system with the US company. Kaspersky Lab has also taken care that the botnet cannot be controlled anymore, and continues to make sure that this is the case. Its specialists reverse-engineered the code used in the bot, cracked the communication protocol, discovered the weaknesses in the peer-to-peer infrastructure, and developed the corresponding tools to counteract it. What’s more, since the offending domains used in the botnet have gone offline via court orders Microsoft had secured, Kaspersky Lab has been “sinkholing” the botnet - where one of its computers has gotten inside the botnet’s complex internal communications to bring it under its control.

Acknowledging Kaspersky Lab’s active involvement in taking down the botnet, Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, said: "Kaspersky Lab played a key role in this operation by providing us with unique and in-depth insight based upon their technical analysis and understanding of the Kelihos botnet. This contributed to both a successful takedown and as evidence for declarations made about the analysis and structure of the botnet. We are grateful for their support in this matter and their determination to make the Internet safer."

Speaking of the continuing role Kaspersky Lab is playing in controlling Kelihos, Tillmann Werner, senior malware analyst of Kaspersky Lab Germany, said: “Since Kaspersky Lab’s sinkholing operation began on September 26, the botnet has been inoperable. And since the bots are communicating with our machine now, data mining can be conducted to track infections per country, for example. So far, Kaspersky Lab has counted 61,463 infected IP addresses, and is working with the respective ISPs to inform the network owners about the infections.”

Kelihos is a peer-to-peer botnet. It consists of layers of different kinds of nodes: controllers, routers and workers. Controllers are machines presumably operated by the gang behind the botnet. They distribute commands to the bots and supervise the peer-to-peer network's dynamic structure. Routers are infected machines with public IP addresses. They run the bot for sending out spam, collecting email addresses, sniffing out user credentials from the network stream, etc.

Microsoft has announced that its Malware Protection Center has added detection for the Kelihos malware to its Malicious Software Removal Tool. Since this tool is well-distributed, the number of infections that have already been cleaned up is significant.

Cooperation between Kaspersky Lab and Microsoft has been ongoing now for some time. Notable recent collaboration includes that on the infamous Stuxnet worm, which hacked industrial control systems like those used in Iran’s nuclear programs.

Kaspersky Lab would like to thank SURFnet for its support in the operation, and especially for providing the perfect infrastructure to run the sinkhole.

Spam Without Borders

There are almost no spam-free zones left in the world today. For many years, spammers have fought hard for areas of the world from which they could launch spam attacks, constantly trying to maintain their conquered territories while annexing new ones. Meanwhile law-enforcement agencies, anti-spam vendors and other interested parties are doing their best to combat the ‘invasion’.

Statistics show that unlike 2010, in 2011 the share of spam distributed from different regions stopped fluctuating from month to month. No longer is half the world’s spam coming from just three countries. The zombie machines used to spread spam emails are now distributed fairly evenly throughout the world, signalling the end of the spammers’ geographical expansion. Infected computers sending spam are now found as far afield as South Africa and on remote Pacific islands.

This shift in the geographical spread of spam sources is primarily down to progress on the legal front, and the growing global reach of the Internet as well as the closure of botnets and affiliate programs. Almost nowhere has escaped the interests of the bot-masters: strong legislation in the developed world is offset by fast and widespread Internet connectivity, while developing nations are catching up in terms of computer access but still have weak anti-spam legislation and low levels of IT security.

“According to Kaspersky Lab, in the near future the BRICS and other rapidly developing countries will top the rating of the most prolific sources of spam because they are of particular interest to the spammers from the ‘legislation/IT protection/number of users/bandwidth’ point of view. We also expect the amount of spam originating from the US to grow, although it will not reach its previous level. Widely available Internet connectivity and a large number of users attract botnet owners in spite of the raft of anti-spam legislation adopted in the country and the high level of IT protection in use,” comments Darya Gudkova, Head of Content Analysis & Research.

More information about the migration of spam sources and the reasons behind it as well as a brief history of the spam industry’s key milestones are available in the article ‘Planet of the Spammers’ by Darya Gudkova at: www.securelist.com.

Kaspersky Lab’s Newest Corporate Security Solution Takes First Place in Independent Testing by Leading IT Security Institute

Kaspersky Endpoint Security 8 for Windows, Kaspersky Lab’s recently unveiled corporate security solution, has received the highest marks in its first independent testing, conducted by leading IT security institute AV-Test.org, one of the most reputable independent security testing labs in the world. The “business product full testing” was conducted in July and August of 2011, during which the beta version of Kaspersky Endpoint Security 8 for Windows was evaluated along with six other vendors’ endpoint security products. All products were awarded the “approved” rating, but the solution from Kaspersky Lab outscored the competition on points, thanks to its outstanding performance on detection and removal of malicious software, in addition to overall usability.

The testing by AV-Test.org evaluated the efficiency of business products in various situations, including protection against zero-day malware attacks, detection of malicious objects, and the revealing and removal of malware from an already infected machine. Other factors taken into consideration were the performance of the product (judging by the slowdown of the computer in everyday use) and false detections and warnings regarding legitimate programs. As a result, Kaspersky Lab’s most recent corporate solution received the highest score of 16 out of 18 points - much higher than the average result (12.8 points). The nearest competitor was outperformed by Kaspersky Endpoint Security 8 for Windows in the removal of malware testing, overall performance, and the number of “false positives” (there were no false positive detections for Kaspersky Lab’s solution).

Specific achievements in the testing of Kaspersky Endpoint Security 8 for Windows include a 100% result in “real-world” testing, in which the level of protection against zero-day malware attacks and web and e-mail threats was evaluated. In the static testing the solution from Kaspersky Lab detected 99% of more than 230,000 malware samples. Another 100% result was achieved in detection of widespread malware (of which 5000 samples were used). High effectiveness was also shown in the removal of malicious software, in which 95% of actively running malicious programs were detected and 85% of them removed (compared to the average of 74%).

Nikolay Grebennikov, Chief Technology Officer of Kaspersky Lab, commented: “Kaspersky Endpoint Security 8 for Windows is a tremendous achievement for Kaspersky Lab’s research and development team, and provides a number of major benefits for our corporate clients. One of them is an unparalleled level of security, which was confirmed by the 100% detection rate of zero-day malware attacks and widespread malware. With our new corporate solution businesses are able to improve their IT security even further, utilizing flexible Whitelisting and Application Control features, and support for the cloud-based Kaspersky Security Network.”

Nikita Shvetsov, Director of Anti-Malware Research of Kaspersky Lab, said: “A recent survey conducted by Kaspersky Lab indicates that IT security is one of the top priorities for businesses, especially when it comes to protection from malware. Kaspersky Endpoint Security 8 for Windows provides the deepest level of protection thanks to the fully revised anti-virus engine, cloud-based security system, and other enhancements. We are pleased that the first independent testing revealed the full potential of our new corporate solution, which earned top marks for detection and removal of malicious objects, as well as performance and usability, with zero false positive detections of legitimate software.”

Detailed information on the results of Kaspersky Endpoint Security 8 for Windows in AV-Test.org’s testing can be found at: http://www.av-test.org

Kaspersky Lab Granted Two US Patents for Remote Administration of Computer Networks

Kaspersky Lab, one of the leading developers of secure content and threat management solutions, announces that it has been granted two new patents in the USA – Nos. 8024449 and 8024450 – which both disclose a system and method for remote administration of a computer network. The applications were filed earlier this year, and the patents were both granted on September 20, 2011.

The first patent relates to technology used for the remote administration of a computer network through a local administration proxy. This is needed when the “software as a service” (SaaS) business model is applied - where a supplier develops a web application and administers it independently via its own server, providing the customer with online access to the software. Problems with this model can arise as some computers may not be connected to the Internet, or be located in a closed network inaccessible to the remote server. Accordingly there is a need to improve techniques for remote administration of a computer network. And this is where Kaspersky Lab’s newly patented technology comes in.

The patent covers systems, methods and computer program products for remote administration of a computer network. It does this by deploying administration agents to the computers on a network to gather information about the hardware and software configuration of each PC. Then on the basis of the collected information the performance rating for each variable of each PC is determined, and the computer with highest rating is selected to act as the local administration proxy for the network. The server then transmits control signals to this local administration proxy that instruct the agents deployed on the computers on the network to perform administrative tasks.

The second patent discloses technology intended for use in large distributed networks having a complex network topology, where personal computers cannot always be administered directly (for example, those located in a DMZ). The technology involves installation of special agents on all PCs on a network for collecting information, according to which the most suitable nodes are determined for delegating the necessary administrative tasks from the central server to all the computers on the network. Choosing such a node for the delegation of tasks may be based on a number of parameters, such as the location of the computer in the network topology, its availability, and so on.

The invention enables organizing apportioned interaction between the administration server and endpoints so the latter can carry out administrative operations. This helps in the administration of a large corporate network, which today may incorporate printers, scanners, fax machines, and mobile communication devices. Failures in network management may result in network security breaches, computer malfunctions, and other problems that can negatively affect productivity of employees and cost thousands of dollars in lost profits and repair costs. The current invention makes it possible to better organize interaction between the administration server and computers in the network for accomplishing all types of necessary administrative tasks for more reliability.

At present Kaspersky Lab technologies are protected by 43 Russian and 34 US patents, and the company has a further 32 and 47 patent applications in the two countries, respectively. Another 42 patent applications covering innovative technologies in the information security field are currently being examined by the Chinese and European patent offices.

Kaspersky Lab Targets Top Three Position in Global Endpoint Security Market in 2011

Kaspersky Lab, a leading developer of secure content and threat management solutions, announces plans to refine its organizational structure and become one of the top three IT security solutions providers for endpoint users in 2011.

“This year we are closer than ever before to becoming one of the top three providers of IT security solutions in the global market,” says Eugene Kaspersky, CEO and co-founder of Kaspersky Lab. “In order to achieve this breakthrough we need to maintain our current rate of growth and once again demonstrate that as a company, we have what it takes to retain our competitive edge. By making our organizational structure globally-aligned we expect to achieve our goal of becoming one of the three biggest players in the global market by the end of 2011.”

According to Kaspersky Lab’s operational results for 2010*, the company demonstrated significant growth in all regions. Globally, the company’s revenues grew by 38% year-on-year and exceeded US$500 million. The most successful regions in 2010 for Kaspersky Lab were: Europe, where company revenues increased by 16% and amounted to US$218 million; the USA and the countries of North and South America, which saw growth of 68% and revenues of US$134 million. In the Asia-Pacific region and Japan the company experienced dramatic growth of 111%, which translated into revenues of US$55 million. The year 2010 was also a successful one for Kaspersky Lab in the CIS, eastern Europe, the Middle East and Africa, where revenues totaled US$131 million – an increase of 35% compared to 2009.

These impressive levels of regional expansion mean Kaspersky Lab is set to become one of the top three providers of endpoint security solutions**. As part of the company’s strategy for continued business growth, and in order to accomplish its planned increase of market share, Kaspersky Lab’s management team has initiated a process that will refine the company’s organizational structure in two strategically important areas – product development and our regional sales network.

One of the key drivers behind Kaspersky Lab’s growth has been its winning unified technological platform, developed in-house and used as a single foundation for all of the company's products targeted at different market segments. In March 2011, a decision was taken to reinforce this process still further by creating a single division that will oversee the product strategy for all three of the company’s current business areas – consumer products and services, corporate solutions and technology licensing to other vendors.

Petr Merkulov, formerly Head of the Technology Alliances Division, has been appointed to the position of Chief Product Officer.

“Our goal is to hold leading positions in every sector in which the company operates, and in order to achieve that goal we need to continue actively developing our products and solutions in line with market demands,” says Petr Merkulov. “The company’s extensive international expertise in combating Internet threats is a major advantage when it comes to IT security, and we ensure that this know-how provides real benefits to users of the company’s solutions. With the creation of a single division responsible for product development and services, Kaspersky Lab’s cutting-edge solutions will become even more highly integrated in order to provide our users with comprehensive protection.”

In March 2011, Kaspersky Lab management also took the decision to revise the company’s approach to managing its network of regional sales and to create a single division that will develop and maintain a global sales platform and take direct responsibility for sales and marketing in Europe and North America.

Heading the new division, Steve Orenberg, formerly Managing Director for Kaspersky Lab, Americas, has been appointed Chief Sales Officer. “At present, Kaspersky Lab is a truly international company with a global sales structure. By combining all the sales units into one division, Kaspersky Lab can implement a unified approach to dealing with global partners and clients, thus ensuring a uniformly high level of service for users in every country of the world,” says Steve Orenberg.

Kaspersky Lab plans to complete the changes to its organizational structure in the first half of 2011. According to the management team, the new centralized management structure will allow the company to more effectively develop its business worldwide, ensure stable growth and strengthen its position in the global IT security market.


*Unaudited revenue

** Kaspersky Lab is rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2009

Kaspersky Internet Security 2011 Receives 'Super Product' Title From Leading IT Consumer Portal benchmark.pl

Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that Kaspersky Internet Security 2011 has been awarded the title 'Super Product' by the popular Polish computer technology Internet portal benchmark.pl. Kaspersky Lab's solution earned the highest possible mark in testing – the only product of those tested to do so.

Experts from benchmark.pl analysed 10 of the most popular IT security software packages available on the Polish market. Kaspersky Internet Security 2011 was the only one to receive five stars out of a possible five, winning it the title 'Super Product'. When evaluating the solutions, benchmark.pl's experts looked at the malware detection capabilities of the products, their system resource usage, user-friendliness, the number of additional security utilities provided aside from the antivirus scanner, and last but not least, the price of each solution.

The experts concluded that Kaspersky Internet Security 2011 stood out from the crowd because it offers:

  • Best value-for-money
  • Best scanner and protection performance
  • Ease-of-use
  • Excellent firewall
  • Highly effective Parental Control filter
  • Superb filters that prevent data leakage

The editors from benchmark.pl praised Kaspersky Lab's security solution, saying "We were really impressed by the Internet Security solution offered by Kaspersky Lab. KIS 2011 is a very complex package that in many respects is an example for the competition. The number of modules and tools is huge and it will certainly fulfil the needs of even the most demanding users. (…) Kaspersky Internet Security 2011 is undoubtedly one of the best programs of this type. It is very hard to find any flaws in it. (…) Kaspersky Lab made sure that everything works as it should, right from installation. No additional configuration is needed. KIS 2011 has little or moderate load on the system".

The editors at benchmark.pl pointed out a number of Kaspersky Internet Security 2011's strengths, such as: its effective antivirus scanner, its large number of configuration options and simple interface, its wide variety of Parental Control options, the product's frequent updates and the possibility of creating a rescue disc, the usefulness of the desktop gadget, its ability to block advertising banners and its drag-and-drop scanning method.

More information about the benchmark.pl test is available at: www.benchmark.pl.

Kaspersky Lab: sensitive corporate information is increasingly at risk from mobile malware

Kaspersky Lab has urged smartphone users to be more vigilant against the growing menace of mobile malware, especially if it threatens to compromise sensitive corporate information.

In January 2011, Kaspersky Lab recorded 154 different mobile malware families with 1,046 strains, two per cent of which are already targeting Android. "As a result of mobile workers, sensitive company information is also becoming more mobile, providing a lucrative point of attack for cyber criminals" says Marco Preuss, Senior Virus Analyst at Kaspersky Lab. "This is why the use of mobile devices must be subject to strict regulations such as data encryption, particularly in the corporate world."

Kaspersky Lab has also asked users to rethink their attitude to the IT security threats traditionally associated with Mac computers. Numerous Windows threats have already been adapted to the Mac OS. For example, the Windows Trojan horse PremierOpinion that first appeared in 2008 surfaced again in June 2010 – this time for Mac. This particular Trojan is bundled with applications and screensavers and runs as root with full system access. PremierOpinion is designed to steal data from local and network-based file systems. It is also worrying that backdoor viruses such as HellRaiser or botnets such as Trojan.i.Services are no longer a rarity on the Mac.

Kaspersky Lab Granted US Patent for Resource Optimization Technology

Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that it has obtained a new patent in the USA. Patent No. 7,962,959 discloses technology that optimizes computer resources during antivirus scanning thanks to the use of cache data. The technology, developed by Kaspersky Lab employee Vyacheslav Batenin, reduces the system load during the launch of antivirus software and makes more effective use of computer resources when scanning files for malicious code.

Modern antivirus databases contain lots of information: malware signatures, the executable code of unpacking and heuristic data analysis algorithms, as well as the information needed to remove detected malware, etc. As a result, antivirus databases are usually quite large and updating them in full on a regular basis is impractical. To minimize the size of updates a difference-based updating method is employed, whereby only updated information is downloaded for merging with the existing contents of the antivirus database. Every time the antivirus software is launched, data stored in the antivirus databases are converted to a format that is used during execution of the antivirus application. Not only does this procedure consume system resources, but when several scanning processes are operating simultaneously, a separate copy of the database files is loaded to the operating memory for each of them, which also affects performance.

The new technology patented by Kaspersky Lab in the USA and Russia offers a more effective method of using the antivirus database with the help of cache data. The cache data is prepared in advance using antivirus databases in a form that is convenient for the antivirus system to work with. One or more code sections of the antivirus cache may be written to memory-mapped files or converted into dynamic link libraries. Such data representation enables data to be accessed by several scanning processes simultaneously without being loaded separately for each process. The cache is stored on the hard drive, which means it is not necessary to constantly convert antivirus databases into cache data. As a result, the technology reduces consumption of computer resources by the antivirus software.
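The shared on-disk cache described above, sketched as an added example (not Kaspersky Lab's code or the patented implementation): the database is converted once into a flat runtime format, stored on disk, and mapped read-only by each scanner so the operating system shares the pages between processes. The record layout, the `AVC1` magic, the SHA-256 staleness check and the sample signatures are assumptions made for illustration.

```python
import hashlib
import mmap
import os
import struct
import tempfile

MAGIC = b"AVC1"                      # assumed file magic for this example
HEADER = struct.Struct("<4s32sI")    # magic, SHA-256 of source database, record count
RECORD = struct.Struct("<HH")        # name length, signature length

# Constructed sample database (illustrative byte patterns, not real signatures).
SAMPLE_DB = {
    "Constructed.Sample.A": b"\xde\xad\xbe\xef\x00\x01",
    "Constructed.Sample.B": b"EXAMPLE-MARKER-0001",
}


def db_digest(db):
    """Fingerprint of the source database, used to detect a stale cache."""
    h = hashlib.sha256()
    for name in sorted(db):
        raw = name.encode()
        h.update(RECORD.pack(len(raw), len(db[name])))
        h.update(raw)
        h.update(db[name])
    return h.digest()


def build_cache(db, path):
    """Convert the database once into the flat runtime format and store it on disk."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(HEADER.pack(MAGIC, db_digest(db), len(db)))
        for name in sorted(db):
            raw = name.encode()
            f.write(RECORD.pack(len(raw), len(db[name])))
            f.write(raw)
            f.write(db[name])
    os.replace(tmp, path)  # atomic swap: scanners never map a half-written file


def ensure_cache(db, path):
    """Rebuild only when the database changed. Returns True if a rebuild happened."""
    try:
        with open(path, "rb") as f:
            head = f.read(HEADER.size)
        if len(head) == HEADER.size:
            magic, digest, _ = HEADER.unpack(head)
            if magic == MAGIC and digest == db_digest(db):
                return False          # cache on disk is current, reuse it
    except FileNotFoundError:
        pass
    build_cache(db, path)
    return True


def scan(path, data):
    """Map the cache read-only and return the names of signatures found in data."""
    hits = []
    with open(path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
        if len(m) < HEADER.size:
            raise ValueError("truncated cache file")
        magic, _, count = HEADER.unpack_from(m, 0)
        if magic != MAGIC:
            raise ValueError("not a cache file")
        off = HEADER.size
        for _ in range(count):
            if off + RECORD.size > len(m):
                raise ValueError("truncated cache file")
            nlen, slen = RECORD.unpack_from(m, off)
            off += RECORD.size
            if off + nlen + slen > len(m):
                raise ValueError("truncated cache file")
            name = m[off:off + nlen].decode()
            sig = m[off + nlen:off + nlen + slen]
            off += nlen + slen
            if slen and sig in data:
                hits.append(name)
    return hits


if __name__ == "__main__":
    from multiprocessing import Pool

    with tempfile.TemporaryDirectory() as d:
        cache = os.path.join(d, "av.cache")
        print("rebuilt:", ensure_cache(SAMPLE_DB, cache))   # first launch converts
        print("rebuilt:", ensure_cache(SAMPLE_DB, cache))   # later launches reuse
        blobs = [b"clean file", b"xx EXAMPLE-MARKER-0001 yy"]
        # Two scanner processes map the same file instead of loading two copies.
        with Pool(2) as pool:
            print(pool.starmap(scan, [(cache, b) for b in blobs]))
```

A cache file on disk is also something an attacker with write access could tamper with, so a production design would protect it with file permissions or a signature; the digest here only detects a stale cache.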

This latest patent brings the number of technologies patented by Kaspersky Lab in the USA to 30. A further 45 patent applications filed by Kaspersky Lab are currently being processed by the relevant authorities in the USA. These pending patents all cover innovative new IT security technologies.

February Figures Show Spammers Regaining Lost Ground

Kaspersky Lab announces the publication of its spam report for February 2011. Compared to the previous month the amount of unsolicited mail traffic increased by 1.1 percentage points and averaged 78.7%. “Spammers are gradually regaining their position following the closure of major botnets in the second half of last year, and we foresee a return to spam levels of 81-82% by April-May 2011,” said Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab.

Sources of spam

India remained the leading source of spam in February, accounting for 8.83% of all spam traffic – a drop of 1.02 percentage points compared to January. Almost half as much spam came from Russia – the second biggest source – compared to the previous month after a drop of 4.26 percentage points. Brazil rose to third place (+0.41 percentage points) and Indonesia moved up one place to fourth (-0.39 percentage points). Newcomer to the top five South Korea climbed six places to claim fifth place following a rise of 1.4 percentage points compared to the previous month. Italy, meanwhile, dropped to sixth place (-0.78 percentage points).

Revival of spam traffic from the USA

The USA may only have ended the month as the eighth biggest source of spam, but it should be noted that there is a gradual increase in the amount of spam traffic coming from the country. After the closure of the Pushdo/Cutwail botnet in August 2010, the volume of spam emanating from the USA fell considerably with record-low levels at the end of last year (approximately 1-1.5% from October to December). In February, that figure reached its highest level in four months – 4.27% – and it looks like it will continue to rise over the next few months.

Malware in mail traffic

Malicious files were found in 3.18% of all emails in February, a rise of 0.43 percentage points compared with the previous month. Most of the malicious programs in February’s rating can be split into two groups. The first group consists of mail worms whose primary function is to harvest email addresses to continue propagating. Some of these worms also install other malicious programs on infected systems. The second group of malware consists of programs designed to steal confidential information, primarily of a financial nature. February’s rating also included a malicious program capable of disabling victim computers and demanding payment to restore access to them.

Anti-spam legislation

A joint document drafted by officials from China and the USA entitled ‘Fighting Spam to Build Trust’ is due to be published in March. “This is a major event in the sphere of anti-spam legislation,” explained Maria Namestnikova. “Spam is both an international and regional business, which means any measures to tackle it have to go beyond those of individual states. Hopefully, this initiative will encourage officials in other countries to follow suit.” The full version of the spam report for February 2011 is available at: www.securelist.com

Kaspersky Lab Delivers Unrivaled Hybrid Protection from the Latest Threats

News Flash

Kaspersky Lab announces the launch of two new versions of their flagship products for protecting desktops and laptops against malware, hacker attacks and spam – Kaspersky Anti-Virus (KAV) 2012 and Kaspersky Internet Security (KIS) 2012.

The new versions are packed with industry-leading data protection technologies to counter the evolving IT threat landscape faster and more effectively than ever before. Kaspersky Anti-Virus and Kaspersky Internet Security 2012 provide a highly secure and user-friendly personal digital environment, whether you are working, banking or shopping online, or just catching up with friends and family on your favorite social networking site.

Quick Facts

The new features and improvements inside the 2012 product range include:

  • Kaspersky Hybrid Protection, which harnesses the power of the cloud and world-class security technologies that reduce the average protection delivery time to just 40 seconds
  • Top-notch defense against unknown cyber threats with smart application monitoring and roll back capability able to eliminate traces of even the most sophisticated malware infection, including rootkits
  • Optimization for use with popular business and entertainment software packages resulting in a performance increase of up to 50% in some operations compared to the previous versions
  • A new animated user interface that allows you to access all the main features of the product with just one click
  • 28 other newly-refined technologies

Computer Threat Insight

The battle between the cybercriminals and security solutions vendors has grown in size, speed and complexity in recent years, reaching every corner of the globe. Today, Kaspersky Lab discovers a new malicious program every 2 seconds, with over 7 million web attacks registered each day.

Traditional data protection technologies are no longer sufficient to cope with emerging security challenges.

Lately, some security software companies have raced to “The Cloud” in search of ways to keep their customers safe from the exponential growth of malware. Some have even poured all their technology into the cloud, touting it to customers as a one-stop provider of speedy protection and better computer performance. But what happens if the cloud “goes down?” What happens if a user’s Internet connection fails, or performs too slowly to keep up?

The reality has become clear: remotely-hosted online (or cloud) technology isn’t a silver bullet. Effective, multi-layered computer protection requires the best security technology in both the cloud and on the PC itself. Many sophisticated threats exist that can’t be tackled by the cloud even if the user is online, such as advanced rootkits or malicious scripts. Unprotected computers that are offline can be infected from sources such as a local network or a USB storage device. However, although the cloud can block incoming infections, it is impossible to remediate an already infected PC in most cases.

Naturally the computer threat landscape requires well-balanced solutions that leverage the immediacy of the cloud approach and the capabilities of PC-based protection.

Kaspersky Lab has recognized the potential of cloud technologies for years, launching a first-of-its-kind cloud-based Urgent Detection System in 2006 as a way to immediately provide the latest protection to our customers worldwide. Later it was followed by Kaspersky Security Network, which has boosted the efficiency of cloud protection even further. KAV/KIS 2012 takes this concept to the next level, optimizing our technology to use real-time data from the cloud while not depending on an Internet connection to provide protection.

Product Highlights

  • Hybrid Protection
    KAV/KIS 2012 are built around the concept of Hybrid Protection – harnessing the power of the cloud and top of the line security technologies we’ve placed on PCs. Users will benefit from the collective wisdom of the Kaspersky Global Research and Analysis Team and a worldwide network of users and expert analysts through the cloud-based Kaspersky Security Network (KSN). KSN retains real-time data about malicious and suspicious application activity from the PCs of more than 30 million voluntary members from 213 countries. The system performs a comprehensive analysis of the collected data and automatically delivers a remedy to PCs for even the most advanced threats including zero-day exploits, phishing and spam.

    KSN provides users with a number of additional advantages.

    The File Advisor is an additional layer of protection that determines the trustworthiness of any file on your computer by checking its worldwide reputation with a single click. If our experts or other Kaspersky Lab customers have discovered the file is malicious, you won’t be tricked into opening it.

    The URL Advisor is a global database of website security statistics that enables users to learn if a link leads to a trusted, malicious, or questionable website before they visit. For example, when users perform a simple web-search, the resulting links are clearly tagged with a red, yellow or green icon, so users can easily avoid dangerous websites.

    The integrated Anti-Spam module no longer requires “training” by the user to accurately block unsolicited emails. The updated database and adjusted spam filtering rules are delivered from the cloud right after installation.

  • Improved protection against unknown threats with roll back capability
    As one of the industry leaders in protection against unknown threats, Kaspersky Lab continuously improves its proactive technologies. KAV/KIS 2012 now has an advanced version of the System Watcher module for discovering suspicious activity, tracking down malicious traces and PC restoration.

    The System Watcher module records the activity of each installed application throughout its entire lifecycle. This way, KAV/KIS 2012 can store event concatenations and develop a comprehensive pattern for both stand-alone applications and groups of applications. As a result, the discovery of a single malicious action will enable KAV/KIS to effectively reveal the infection details and roll back the changes, including disinfecting files, deleting newly-created data and restoring the system registry.

  • New animated user interface
    KAV/KIS 2012 boast a whole-new user interface – the most extensive interface overhaul in three years – to make the product and its security tools easier than ever to use, and to reassure computer owners that their data is safe.

    The new interface provides instant visibility into the security status of the system, offers easy access to the most popular features, and displays information about how the cloud-enabled protection is working for you. All wrapped in a user-friendly and elegant environment with support for touch screen computers.

    This ease of access was also applied to the Kaspersky Desktop Gadget, which now provides more customization and instant-access options than ever before.

  • Performance optimization
    Alongside the advanced technologies and innovations, the new product versions provide increased performance and improved compatibility.

    KAV/KIS 2012 works with a number of the most popular business and entertainment applications to achieve better performance without sacrificing protection levels. Users can now enjoy seamless integration with VoIP clients (including Skype), web browsers, video players and online games.

    The new intelligent updating system significantly reduces the traffic burden on broadband connections and minimizes the impact on operating systems and other resources.

Pricing, availability and upgrade options

Kaspersky Anti-Virus 2012 and Kaspersky Internet Security 2012 will be available from the Kaspersky Lab global online store on 07 June, 2011. Contact your local Kaspersky Lab office to confirm product availability dates and prices for your region. Registered users of previous versions can upgrade to KAV/KIS 2012 free of charge.

Quotes

Eugene Kaspersky, co-founder and CEO, Kaspersky Lab
“We are really focused on optimizing advanced technologies, both in the computer and the cloud, that work seamlessly to keep our users safe. By staying focused on protecting our customers no matter how they use their computers – online, or offline - we have taken a huge step in protecting them from the most dangerous cyber-threats of today and tomorrow. In addition, our new look is refreshing and empowering, and I think our new interface will make our products easier to use than ever before. This is world-class protection in its most elegant form.”

Nikolay Grebennikov, CTO, Kaspersky Lab
“The new 2012 versions continue the long tradition of excellence that our home user products have come to be known for. At the same time, these products are now simpler and more user-friendly than ever before. Many of the modules featured in Kaspersky Internet Security 2012, such as web-antivirus, behavioral analysis, the threat rating sub-system and anti-rootkit components, have been made easier to update and now interact more effectively with cloud technologies.”

Petr Merkulov, Chief Product Officer, Kaspersky Lab
“We conducted an in-depth analysis of the performance of our new products with a variety of operating systems, thoroughly optimizing them for the most widespread usage scenarios and applications. As a result, compared to the previous version, we’ve significantly improved the speed of application startup, network connection bandwidth, and the boot time of various versions of Microsoft Windows. Additionally, file operations such as opening, closing and saving are now performed twice as fast.”


Kaspersky Lab Shows Significant Results of Market Growth in First Half of 2011


Kaspersky Lab, a leading developer of secure content and threat management solutions, announces successful business growth results in the US and European markets in the first half of 2011. The company demonstrated outstanding results by gaining a bigger market share in the B2C sector and significantly outperforming the competition.

"Both European and US markets are of strategic importance for Kaspersky Lab from the point of view of its capacities as well as competition," said Eugene Kaspersky, Chairman and CEO of Kaspersky Lab. "Gaining a bigger market share in these mature markets proves that our expansion and business development strategy reflects both an understanding of market needs and better knowledge of technology trends. Today we’re getting even closer to global market leadership, which shows that we’re on a good path to reach the #1 position in our market segment in the foreseeable future."

The early indicators for the first half of 2011 show that Kaspersky Lab continues to strengthen its market position. According to NPD* data, the company is ranked number one in the B2C Antivirus Market in the US with a market share of 31.3% (by dollar volume) in the first quarter of 2011. In the Total Security and Security Suites segments Kaspersky Lab holds the second and the third positions in dollar volume, respectively.

The company has the best growth indicators in European countries among the Top 4 vendors and continues to close in on its competitors. According to GfK data, in the first half of 2011 Kaspersky Lab held the #2 position in the B2C sector in Western Europe**, taking first place in such key countries as Germany and France. In the antivirus category Kaspersky Lab has shown especially high results, being #1 with 46% of the European retail market*** in the first quarter of 2011.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world's most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world's top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry's fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry's leading IT security solution providers. Learn more at: www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit: www.securelist.com.

* The NPD Group, Retail Tracking Service, January-March 2011

** Ranking by Sales Value in GfK Retail Market, B2C

*** Ranking by Sales Units in GfK Retail Market, B2C

 


Kaspersky Anti-Virus 2011 Awarded "Advanced+" Rating in AV-Comparatives’ Retrospective Testing


Kaspersky Lab, a leading developer of secure content and threat management solutions, reports that its Kaspersky Anti-Virus 2011 product has deservedly received the “Advanced+” grade in a retrospective test conducted by AV-Comparatives. A similar result was received by the same Kaspersky Lab product in AV-Comparatives’ “On-Demand” test, held simultaneously with the retrospective test.

In the retrospective test, 12 products of different manufacturers were tested and compared against one another. Unlike the On-Demand testing, in the retrospective test the quality of heuristic detection of new malware was analyzed. Interestingly, all other means of threat protection were disabled, including the possibility to update the antivirus database.

Kaspersky Anti-Virus 2011 successfully passed the testing and received the Advanced+ grade. The level of detection of malware using only heuristic algorithms came to 55%, which is one of the highest in the industry. In the simultaneous On-Demand test the detection rate for Kaspersky Anti-Virus 2011 came to 97%. The results of the false positive/alarm test (12 instances for Kaspersky Lab’s product) were similar to those in the On-Demand comparative. It should be pointed out that, according to data of the cloud-based Kaspersky Security Network, all 12 files are practically never encountered on users’ computers.

Nikita Shvetsov, director of Anti-Malware Research of Kaspersky Lab, said: “What is interesting is that the leading antivirus companies refused to take part in the test, stating that without cloud protection and updates of antivirus databases their products won’t protect users in the proper manner. We think that even without an Internet connection or cloud services the user should be fully certain about the security of his/her system and personal data. As a result, even given such test conditions Kaspersky Anti-Virus 2011 showed one of the highest levels of threat detection, which demonstrates how users of our products are protected even without an Internet connection. However, we agree that the retrospective testing reflects just a small part of the capabilities of Kaspersky Anti-Virus, even less than the On-Demand test, which also doesn’t fully reproduce a real situation with a user’s computer. Therefore, in judging anti-virus products, we recommend using results from more realistic tests, such as those carried out by “Real-World” or “Dynamic”.”

More detailed information on the results of the testing can be found at:
http://www.av-comparatives.org/images/stories/test/ondret/avc_retro_may2011.pdf
