Malware Evolution: April - June 2007
by Alexander Gostev - Senior Virus Analyst at Kaspersky Lab - Wednesday, 15 August 2007.
The events of the first six months of 2007 have shown that threats are evolving away from social engineering and toward the increased use of a variety of vulnerabilities to penetrate the system.

The virus writing "crisis of ideas" that we wrote about at the close of last year (and which we feared would end in a crisis in the near future) is still in full swing. The current period is characterized by the lack of any real new threats and an upswing in the commercialization of the virus writing environment. As I previously confirmed, the ball is now in our court - for the first time in many years, the antivirus companies have the upper hand. Virus writers are concerned solely with earning dirty money and are incapable of coming up with new ideas, so instead they are trying to milk what they can out of old technologies - and the antivirus industry is coping quite well. The worst thing about the current situation is that quality has given way to quantity. The barrage of primitive malicious programs stealing things right and left continues to grow, but it's more reminiscent of a battle between rock'em sock'em robots than a battle of wits.

This report will say very little about malicious programs. We will be changing gears to examine a wider range of information security: Internet problems, new technologies and vulnerabilities. These are the areas in which today's key tasks lie, the problems which today's antivirus companies must resolve.


These events, which took place in late April and early May, will likely remain the most discussed events in all of 2007. For the first time in history, politicians, representatives of the armed forces, and computer experts around the world discussed this still virtual topic: cyberwar. The case in point was Estonia, where dozens of servers in the Estonian sector of the Internet came under attack. It began in mid-April, when the Estonian government ruled to remove from one of Tallinn's central squares a monument dedicated to Soviet soldiers who died in WWII as Estonia was being liberated. This decision was met with great protest from Russia and led to a worsening of political ties between the two countries.

Similar political situations in the relations between Russia and the former republics of the Soviet Union that have done everything in their power to get as far away as possible from the Soviet past are certainly nothing new. It's possible that this incident would have remained an issue for the diplomats to tackle, but several other factors compounded the issue and then something else happened. On April 27, the Estonian websites of the president, the prime minister, the Estonian parliament, police and a number of ministries were overloaded with an enormous number of requests from thousands of computers located around the world. This happened immediately after the Estonian police broke up a demonstration in Tallinn that had gathered in protest at the removal of the monument. Over 600 people were arrested, and about a hundred were injured in this skirmish with the police.

Immediately afterwards, a counterattack was made via the Internet. According to studies conducted by the experts at Finland-based F-Secure, the following websites were completely inaccessible on April 28:

* (Website of the prime minister): unreachable
* (Ministry of Economic Affairs and Communications): unreachable
* (Ministry of Internal Affairs): unreachable
* (Ministry of Foreign Affairs): unreachable
* (Estonian Government): unreachable
* (Estonian Parliament): unreachable

