Kaspersky Lab introduces AVP Script Checker

By Kaspersky Lab
Johannesburg, 12 May 2000

Kaspersky Lab announces the release of AntiViral Toolkit Pro (AVP) Script Checker freeware, a new breakthrough anti-virus technology to combat script-viruses and worms similar to the deplorable "LoveLetter" worm.

AVP Script Checker is a unique technology against all known and unknown variations of the "LoveLetter" worm. The technology is based on new principles of checking script-programs designed for Windows applications (such as Microsoft Explorer, Microsoft Outlook etc.). AVP Script Checker acts as a filter between the script application (for example Outlook or Internet Explorer) and the script processor (for example Microsoft Windows Script Host).

The moment the script is transferred for processing, it is intercepted and checked for any known or unknown script-viruses or worms. All known viruses will be detected and neutralised by AVP Monitor, an "on-the-fly" anti-virus guard. Unknown viruses of this type will be blocked by the new and improved AVP heuristic analyser.

"The double-level anti-virus defence system, which is integrated into the kernel of the script-machine, is the most effective way of protecting computers and networks against a new generation of Internet worms," states Eugene Kaspersky.

AVP Script Checker is available as freeware on http://www.kasperskylab.ru/eng/products/eval.asp in the "AVP free versions" section.

More information on the "LoveLetter" story

"LoveLetter" worm: how did it happen?

The number of "declarations of love" at the beginning of May 2000 exceeded the most optimistic forecasts and is currently at least three times the average statistical figures. Everybody was declaring his/her love, from secretaries and clerks to bosses and parliamentarians, and they did so insistently and completely: everybody who could be accessed was loved.

This impressive epidemic of love stories began on 4 May 2000, when a German or Filipino (this is still under investigation) student sent their new worm creation to Internet conference(s). It then spread like wildfire: the worm occupied and affected millions of computers with fantastic speed because of its "fan-delivery" method of infection. The worm sent copies of itself using all the addresses located in the victim's Outlook address book.

Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab, compared the worm's spreading routine with an A-bomb: "This worm sends itself immediately it infects a system (unlike KakWorm that attaches itself to messages that are sent by a user). The worm sends itself to all the addresses in the Address Book (unlike Melissa that uses just 50 addresses). As a result the "chain reaction" of infected messages (and, of course, infected machines and networks) is dramatically accelerated. Imagine an average company with 50 employees, 300 addresses in Outlook, and about 20% of the staff not aware of the possible danger in the attached messages. The average number of infected messages that will be sent from such a company is 0.20*50*300 = 3000 infected messages. With nuclear bombs each neutron results in three more neutrons. Thus the computer love bug is 1000 times more powerful than an A-bomb!".

The first region to be hit was Asia, from where (Philippines) the worm started its invasion of the rest of the world. As the world awoke, the worm infected the European countries, then followed the time zones and moved across the water to America. In a few hours the whole world had been crippled by the new computer monster. News agencies stated that there were approximately 3 million computers infected, and losses were estimated at between US$100 million and US$10 billion.

Antidote discovered

It took Kaspersky Lab's anti-virus experts about 10 minutes to produce an emergency update to their AVP database. So much destruction for a 10 minute cure!

However, the next problem was that the worm started to mutate. This was because the worm is written in the VisualBasic script language, i.e. it is distributed as source code and is therefore very easy to modify. As a result, everybody who has any elementary VisualBasic knowledge is able to refine the worm's code and add or remove routines and functions.

The next problem with the detection of script viruses and worms is the fact that in some cases the scripts are activated as a program in the system memory only, not as a program from a disk file. As a result, the anti-virus monitors responsible for scanning disk files become useless for detecting malicious code in scripts.

The solution

The best way to protect your computer or a network against "LoveLetter"-style worms and other script-viruses is to use AVP Script Checker. It is available as freeware on http://www.kasperskylab.ru/eng/products/eval.asp in the "AVP free versions" section.

Kaspersky Lab

Kaspersky Lab Ltd. is a fast-growing, international, privately owned anti-virus software development company with offices in Moscow (Russia), Cambridge (UK) and Johannesburg (South Africa). Founded in 1997, the company concentrates its efforts on the development of world-leading anti-virus technologies and software. Kaspersky Lab also provides free online security-related internet information services. The company markets, distributes and supports its software and services in more than 40 countries worldwide.