Network Associates refreshes virus risk assessment program to address blended threats

Network Associates, has recently announced that AVERT (Anti-Virus Emergency Response Team), the company`s anti-virus research division, has updated the way it assesses the risk of virus and malicious code threats to the millions of customers using Network Associates` McAfee Security products. The modified risk assessment program includes a new assessment 'Low-Profiled` category to help customers identify virus threats that present limited risk, but demonstrate potential for widespread notoriety.

AVERT is also formalising its 'High-Outbreak` assessment category, as well as modifying the program to distinguish virus threats between home users and corporations.

AVERT`s risk assessment program measures a threat`s degree of risk and now classifies each threat into one of six categories:

The virus has not been reported in the wild, doesn`t necessarily have a payload and, though it may be on a common operating system, it does not spread because the application is rarely used. Examples of low risk threats include: W97M/JulyKill and W32/Shoho.

These viruses, like their low-risk counterparts, present a limited threat to consumers and corporations. However, the low-profiled threats often draw disproportionate, mass attention for incorporating a high-profile component such as a celebrity name in the subject or body of the e-mail, or gain notoriety for proving a technological concept. Examples of low-profiled threats include:

W32/Maldal, VBS/Bubbleboy and PalmOS/Phage.963.

The virus is reported by several customers or researchers, and it can have a destructive payload capable of infecting a common operating system through traditional methods. Examples of medium threats include: W32/Ska (Happy99) and Backdoor-Sub7.

The virus gains prevalence quickly over a short period of time, has a payload that can be serious or fairly benign and can spread on a common operating system, or through the aid of a popular application. Examples of medium-on-watch threats include: W32/Southpark and W32/Badtrans.b.

The virus is reported often or very often in the wild, has a payload that can be serious or fairly benign and spreads rapidly on a common operating system using a common platform. Examples of high threats include: W95/CIH, VBS/Newlove and W32/Naked.

The virus is a mass-mailing virus and therefore has the ability to spread around the world in a matter of hours. Examples of high-outbreak threats include: W97M/Melissa, VBS/Loveletter and W32/Nimda.

AVERT has also enhanced its risk assessment program by providing more detailed information at http://www.avertlabs.com/ about how a particular virus threat will affect home and corporate users. Under the new program, AVERT will evaluate each new virus threat independently for both home and corporate environments. With a tendency not to update their software regularly, the effects of a virus may be very different for home users compared to corporate networks. This is exemplified by the recent Klez.h mass-mailing virus - a 'Low` risk for corporate users and a much higher risk for home users who do not practice regular updating.

"Network Associates is committed to protecting customers from today`s evolving virus threats by proactively providing the highest levels of virus outbreak response," says Christopher Bray, Network Associates` regional director for sub-Saharan Africa. "Virus threats are evolving and so too must the way in which we respond. Network Associates` enhancements to the AVERT risk assessment program enables our customers to cut through the confusion often created by low risk viruses that have pop culture appeal. We`re giving them easy access to the right information for determining how to respond to today`s threats."