|
 |
Clavister uses three threat levels: normal, meaning that virus activity is normal; mediume, meaning that the risk of infection is higher than usual; and high, meaning that the danger of infection is high.
Normal: virus activity is normal
There is always some virus activity. This threat level means that there are no significant new threats, and computers with up-to-date antivirus databases and all recent patches installed are not at risk.
Normal: informational alert
An informational alert will be issued:
If spamming of a malicious program is detected. Even if the program itself does not present a serious threat, spamming may lead to a serious outbreak due to the volume of infections.
If virus analysts receive a sample of a malicious program with unique functionality, or proof of concept code, or a program which does not pose a direct threat but is of technical interest.
Medium: medium alert
This threat level means that a specific malicious program may present a threat even to machines with up-to-date patches and antivirus protection. An orange alert will be published if:
If more than 10 messages about detection or infection by the malicious program are received from users in the space of 4 hours
If the malicious program is a new modification of a program which previously caused a significant outbreak
If the malicious program uses a critical vulnerability or vulnerabilities in Windows to propagate
High: high alert
This threat level is the highest, and means that a malicious program is spreading rapidly, posing a potential danger to the majority of systems. A red alert is issued when:
A high number of infections (several hundred) are detected in the space of 24 hours. This includes both samples which arrive independently at Kaspersky Lab or are detected at partner locations
The malicious program is widely present in network traffic. This information is sourced from Kaspersky Lab analysts and other major research organisations such as MessageLabs, CERT and SANS
The outbreak could lead to a loss of connectivity (short or long term, partial or total) in segments of the Internet
The decision to publish an alert is taken by virus analysts, who track malware activity around the clock.
|
