New method for detection and removal of malicious programs after a single virus incident
Abingdon, 20th February 2009 - Kaspersky Lab announces the successful patenting of a cutting-edge IT security technology in the US. The technology enables detection and removal of all malicious programs, including those that were previously unknown, installed on a user's computer after a single virus incident.
Today's crimeware makes extensive use of Trojans to penetrate users' machines. Once installed on a system, a Trojan downloads numerous other malicious programs from the Internet. As a result, dozens of different malicious programs and their components can end up on a user's PC. Some of them may be new malicious programs with signatures that have yet to be added to antivirus databases or that make use of unknown technology for evading detection. Malware like this can go undetected by antivirus solutions for some time, carrying out harmful or destructive operations on an infected computer.
Close the loopholes for cybercrime attacks
A single initial virus incident can lead to the downloading of many malicious programs that are unknown to antivirus software. This flaw in antivirus protection means that a single breach can leave a user's computer compromised until all the malicious software and methods of hiding have been identified and distributed through updates. This defect can now be solved using the latest Kaspersky Lab technology developed by Mikhail Pavlyushchik. The technology was granted Patent No. 7472420 by the US Patent and Trademark Office on December 30th, 2008. The patent outlines the method used to detect and remove all malicious programs installed on a user's computer as a result of a single virus incident, and to locate the source and time of the incident.
Track down viruses in every nook and cranny
The new technology is based on logging system events that indicate a possible virus infection (for example, modification of an executable file and/or a record in the system registry) and then determining the extent of a virus incident from those records. According to the patented technology, when a malicious process or file is detected, a module is launched that analyses the preceding events, allowing the source and the time of the infection to be determined. The system then analyses all child events related to the source event, which makes it possible to detect all malicious programs involved in the incident, including those that were previously unknown.
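The log-then-trace idea described above, as an added illustration in Python; it is not Kaspersky Lab's code or the patented implementation. The event tuples, action names and file names are constructed for this example.

```python
# Constructed event log: (time, actor, action, target). Field, action and
# file names are assumptions made for this illustration.
EVENTS = [
    (100, "browser.exe", "write_exe", "update.exe"),
    (101, "explorer.exe", "write_exe", "notes.exe"),      # unrelated activity
    (105, "update.exe", "write_exe", "dropper.exe"),
    (106, "update.exe", "set_registry", "autorun:update.exe"),
    (110, "dropper.exe", "write_exe", "unknown1.exe"),    # no signature yet
    (111, "dropper.exe", "modify_exe", "svc.exe"),        # needs restore
    (120, "installer.exe", "write_exe", "editor.exe"),    # unrelated activity
]


def find_source(events, detected):
    """Walk back from a detected object to the earliest logged event in its chain."""
    first_writer = {}
    for ev in sorted(events):
        first_writer.setdefault(ev[3], ev)   # earliest event that touched target
    source, obj, seen = None, detected, set()
    while obj in first_writer and obj not in seen:   # 'seen' guards against cycles
        seen.add(obj)
        source = first_writer[obj]
        obj = source[1]                      # continue with the actor behind it
    return source


def incident_scope(events, detected):
    """Return (source_event, objects touched by the source's descendants)."""
    source = find_source(events, detected)
    if source is None:                       # nothing logged about this object
        return None, set()
    tainted = {source[3]}
    for t, actor, _action, target in sorted(events):
        if t >= source[0] and actor in tainted:
            tainted.add(target)              # child event: its target is in scope
    return source, tainted


if __name__ == "__main__":
    src, scope = incident_scope(EVENTS, "dropper.exe")
    print("source event:", src)
    print("incident scope:", sorted(scope))
```

Detecting only dropper.exe is enough to bring unknown1.exe and the modified svc.exe into scope, while notes.exe and editor.exe stay out of it.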
Prevent future cybercrime attacks
In addition to detecting malware, the new technology removes or quarantines malicious code, interrupts malicious processes, and restores the system files from a trusted backup. Information about malicious programs detected with the help of the patented method can be immediately sent to antivirus vendors in order to speed up their response times to new threats. Determining the source and context of an infection is helpful in preventing similar virus incidents in the future, for example, in detecting and blocking infected sites, detecting and eliminating software vulnerabilities, etc. Furthermore, reconstructing the full picture of an incident and documenting it could provide the basis for building a successful criminal case against the cybercriminals responsible.
Kaspersky Lab currently has more than 30 patent applications pending in the US and Russia. These relate to a range of technologies developed by company personnel. Additionally, many of today's antivirus technologies were developed by Kaspersky Lab and are currently used under license by vendors worldwide, including Microsoft, Bluecoat, Juniper Networks, Clearswift, Borderware, Checkpoint, Sonicwall, Websense, LanDesk, Alt-N, ZyXEL, ASUS and D-Link.