Kaspersky Releases Malware Evolution Report

Report highlights inner workings of a Kaspersky Lab virus investigation

WOBURN, Mass. -- Kaspersky Lab, a leading developer of Internet threat management solutions that protect against viruses, spyware, hackers and spam, today announces the publication of its report on the evolution of malware from July – September 2007.

The bulk of the report details a Kaspersky Lab virus investigation into the latest version of, a Trojan that encrypts user data. The report provides a rare glimpse into the world of Russian-speaking cybercriminals and how they interact with one another.

The investigation of brought to light a number of interesting factors. It became clear that there was 'universal’ code used in a range of malicious programs with differing functions. Secondly, the analysts identified new links between different families of malicious code that initially appeared to have nothing in common. Finally, the Russian-speaking cybercriminal community is now using a standard package consisting of two Trojans and a botnet controlled by them.

In addition, the quarterly report points out the growing trend of new threats that, for the most part, are emerging as a concentrated flow of uniform Trojan programs. The lack of originality and the scale of activity, according to the analysts at Kaspersky Lab, points to a greater professionalism among cybercriminals—attracting the attention of the press or law enforcement agencies is no longer the primary focus of cybercriminals.

The third quarter of 2007 was highlighted by the appearance of the latest Trojan blackmailer and by Web sites that saw the simultaneous installation of multiple botnets. The situation surrounding the Storm botnet also caught the attention of the public as it exceeded 2 million infected computers, as well as the appearance of Trojan spyware aimed at stealing the data of users with Russian software for accessing the stock exchange system online.

The report is authored by Kaspersky Lab analysts Alexander Gostev and Vitaly Kamluk and the full report can be found at

Kaspersky Lab