Virus Epidemics Threat Levels
Kaspersky Lab uses three threat levels: green, meaning that virus activity is normal; orange, meaning that the risk of infection is higher than usual; and red, meaning that the danger of infection is high.
There is always some virus activity. The green threat level means that there are no significant new threats, and computers with up-to-date antivirus databases and all recent patches installed are not at risk.
An informational alert will be issued:
- If spamming of a malicious program is detected. Even if the program itself does not present a serious threat, spamming may lead to a serious outbreak due to the volume of infections.
- If Kaspersky Lab virus analysts receive a sample of a malicious program with unique functionality, or proof of concept code, or a program which does not pose a direct threat but is of technical interest.
The orange threat level means that a specific malicious program may present a threat even to machines with up-to-date patches and antivirus protection.
An orange alert will be published if:
- More than 10 messages about detection or infection by the malicious program are received from users in the space of 4 hours
- The malicious program is a new modification of a program which previously caused a significant outbreak
- The malicious program uses a critical vulnerability or vulnerabilities in Windows to propagate
The red threat level is the highest, and means that a malicious program is spreading rapidly, posing a potential danger to the majority of systems. A red alert is issued when:
- A high number of infections (several hundred) are detected in the space of 24 hours. This includes both samples which arrive independently at Kaspersky Lab and those detected at partner locations
- The malicious program is widely present in network traffic. This information is sourced from Kaspersky Lab analysts and other major research organisations such as MessageLabs, CERT and SANS
- The outbreak could lead to a loss of connectivity (short or long term, partial or total) in segments of the Internet
The decision to publish an alert is taken by Kaspersky Lab virus analysts, who track malware activity around the clock.