Kaspersky Lab has released its latest Malware Evolution report, covering the period between June and September 2006 and, as usual, it makes for interesting reading.

Alexander Gostev, Senior Virus Analyst at Kaspersky Lab, comments that the first six months of 2006 were “notable for the complexity of the technologies which antivirus companies had to deal with, a large number of new proof of concept programs, and the ever increasing interest shown by hackers in Microsoft Office.”

While there was no great exploit epidemic during this latest quarter, nor any new proof of concept viruses for that matter, or even much activity on the virus front at all, that is not to say it has been a dull three months from the perspective of the security professional. Of most interest to me has been the continuing unwanted attention paid to the MS Office suite of applications or, perhaps to be more precise, the fact that nothing has really changed from the first six months of the year in this regard.

To put this into some perspective, you have to look back to the last report from Kaspersky Lab, which highlighted the problem of OLE documents, as created by Office applications, which took centre stage during a whole host of vulnerabilities (in excess of 100) that were discovered and publicized before Microsoft was able to produce even a temporary patching solution. At the time, Kaspersky Lab were vocal enough in pointing out that in order to properly secure its Office suite, Microsoft could not rely on the ‘Band-Aid over a gaping wound’ stopgap of issuing patches for each vulnerability, but rather would need to address the technology that powers and processes OLE objects. Needless to say, nothing has happened in this regard and Microsoft continues with its now obviously ineffective ‘Patch Tuesday’ strategy. No great surprise, then, that Kaspersky Lab reports malicious users continuing to challenge Microsoft with new Trojans, the most active threats apparently coming from the direction of Chinese hackers.

Just look at the vulnerability head count for those three months if you need evidence of the failure of Microsoft to properly address the flaws in its strategy:


  • Microsoft Security Bulletin MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
  • Microsoft Security Bulletin MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
  • Microsoft Security Bulletin MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)


  • Microsoft Security Bulletin MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
  • Microsoft Security Bulletin MS06-048: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)


  • Microsoft Security Bulletin MS06-054: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)

And if you want to add to the list those vulnerabilities that were fixed by patches in October but originally detected in September, and why not, here they are:


  • Microsoft Security Bulletin MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
  • Microsoft Security Bulletin MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
  • Microsoft Security Bulletin MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
  • Microsoft Security Bulletin MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)

“At Kaspersky Lab,” the report notes, “we even started betting on how long it would take for a new vulnerability to be detected in Office after the previous patch had been released. And the question wasn't whether a new vulnerability would be detected, but when: in each case, it was clearly only a matter of time, and not much time at that.” To make matters worse, for pretty much all of the reported vulnerabilities there were literally dozens of Trojans detected, so we are not talking isolated attacks here but large scale, determined exploitation of known holes. And it is just that which Kaspersky suggests as a theory to explain away the sheer scale of the attacks: the possibility that Microsoft is being deliberately targeted in an attempt to discredit the Seattle giant as an information security specialist.

To be honest, there are many who would claim that it doesn’t require a concerted effort by Chinese hackers to do that...

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
