Intrusion - Tampering white papers

The 2010 versions of Kaspersky Anti-Virus and Kaspersky Internet Security, reflect an evolutionary rather than a revolutionary change in Kaspersky Lab's product line. They incorporate technologies that were present in the 2009 versions and have since undergone further improvement and integration. This has allowed the development of the progressive IT security concepts introduced in the previous versions to be continued, and gives users of the company's products an even higher level of security.

2009 was a tough year for businesses around the globe with no respite from cyber criminals who generated an influx and variation of spam and malware that many traditional security technologies were ill-equipped to handle. In this report we take a closer look at the major factors and key developments over the course of the year and their impact on the security landscape, looking ahead to 2010 to provide insight into key threats and areas of concern.

The Whitelisting technology implemented in Kaspersky Lab's security products controls applications using so-called whitelists, or lists of trusted applications. This technology helps control the activity of potentially hostile programs while allowing complete freedom to safe software that exhibits behavior similar to that of malware. Moreover, this technology significantly accelerates antivirus scanning. This ensures a high level of protection and convenience when using Kaspersky Lab products.

Today's computer users are faced with an ever-increasing number of malicious programs. Trojans, worms and viruses damage computer systems and communication channels, steal confidential data and spy on users. Users need effective protection from hacker and malware attacks. Network Intrusion Detection Systems (NIDS) that analyse internet traffic and internal networks are available, though their usefulness is limited due to the frequent use of data encryption on the Web. They also fail to protect against threats emanating from removable storage media.

The modern virus industry has become so sophisticated that even the most advanced antivirus protection systems occasionally fail to detect malicious programs that have penetrated and launched on an operating system. The ultimate solution is the virtual launch of all applications downloaded to a computer. All program activity is then completely controlled and any changes made by the application will be unable to damage other applications or the operating system.

Web-based threats are increasing in number and severity. The consequences of becoming infected can be extensive and cause significant damage to an organization's revenue, employee productivity, reputation and long-term survival. Organizations should adopt a multi-layered Web defense strategy that can protect their users and networks from increasingly sophisticated threats. Key elements of this strategy include community-watch monitoring of Web traffic using a cloud-based service, protection of remote clients, and real-time inputs from Web gateways and clients for background analysis to detect malware, rate reputations and analyze Web content.

The terms "cyberspace," "cyberterrorism" and "information warfare" are becoming common in the dialogue of information security and media professionals. However, it is hard to find solid definitions of these terms. This Secure 1st white paper discusses these terms from different viewpoints by giving examples and different definitions from diverse sources, both academic and professional.

The war against invisible malware has been taken down to a new battleground, the lowest level seen so far in the wild: the Master Boot Record. The Mebroot rootkit uses techniques never before seen in modern threats and so it can be considered the next generation of stealth rootkit and kernel infector, written by professional malware developers and clearly not for fun.

The Downadup worm has become one of the most wide-spread threats to hit the Internet for a number of years. A complex piece of malicious code, this threat was able to jump certain network hurdles, hide in the shadows of network traffic, and defend itself against attack with a deftness not often seen in today's threat landscape. Yet it contained few previously unseen features. What set it apart was the sheer number of tricks it held up its sleeve.

The Web has become an important part of home and work life. Malware authors are leveraging this fact to deliver attacks via the Web for financial gain rather than personal fame. This Symantec white paper examines some of the more popular attack techniques and outlines some best practices for being safe online.