Kaspersky Lab’s cutting-edge technology for combating unknown threats granted US patent

11 Feb 2009
Press Releases

Kaspersky Lab, a leading developer of secure content management solutions, announces the successful patenting of cutting-edge IT security technology in the US. The technology enables detection and removal of all malicious programs, including those that were previously unknown, installed on a user’s computer after a single virus incident.

Today’s malware makes extensive use of Trojans to penetrate users’ machines. Once downloaded and installed on a system, a Trojan downloads numerous other malicious programs from the Internet. As a result, dozens of various malicious codes and their components can end up on a user’s PC.

Some of them may be new malicious programs with signatures that have yet to be added to antivirus databases or that make use of unknown technology for evading detection. Malware like this can go undetected by antivirus solutions for some time, carrying out harmful or destructive operations on an infected computer.

This gap in antivirus protection makes it all the more important to detect and remove every malicious program and component downloaded and installed on a user’s computer as a result of a single virus incident, including previously unknown malware. The gap can now be closed using the latest Kaspersky Lab technology, developed by Mikhail Pavlyushchik.

The technology was granted Patent No. 7472420 by the US Patent and Trademark Office on 30 December, 2008. The patent outlines the method used to detect and remove all malicious programs installed on a user’s computer as a result of a single virus incident as well as locating the source and time of the incident.

The new technology is based on logging system events that indicate a possible virus infection (for example, modification of an executable file and/or of a record in the system registry) and then determining the extent of a virus incident from those records.

According to the patented technology, when a malicious process or file is detected, a module is launched that analyzes the preceding events and allows the source and time of the infection to be determined. The system then analyzes all child events of that source event, which makes it possible to detect all malicious programs involved in the incident, including those that were previously unknown.

In addition to detecting malware, the new technology removes or quarantines malicious code, interrupts malicious processes, and restores the system files from a trusted backup.
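The method described above, walking the event log back from a detected file to the originating event and then forward over every event that followed from it, can be illustrated with a small provenance-graph traversal. The following is an added example written for this page; it is not Kaspersky Lab’s patented implementation, and the event schema, the sample log, the file paths and the process names are all constructed for illustration. Each record carries a `parent_id`, the earlier event it is a consequence of, and the result groups the incident’s artifacts by the remediation the press release names (quarantine, registry cleanup, restore from a trusted backup).

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    """One logged system event of the kind that may indicate an infection."""
    event_id: int
    timestamp: int              # seconds since an arbitrary epoch (constructed)
    actor: str                  # process that performed the action
    action: str                 # download | exec | modify_exe | modify_registry
    target: str                 # file, process or registry key acted upon
    parent_id: Optional[int]    # event this one is a consequence of; None = origin


# Constructed sample log: a browser fetches and runs a dropper, which pulls in
# further components, sets a Run key and patches a system binary. Event 8 is
# an unrelated, legitimate updater and must stay out of the incident.
SAMPLE_LOG: List[Event] = [
    Event(1, 100, "browser.exe", "download", "C:\\Temp\\setup.exe", None),
    Event(2, 101, "browser.exe", "exec", "setup.exe", 1),
    Event(3, 105, "setup.exe", "download", "C:\\Temp\\a.dll", 2),
    Event(4, 106, "setup.exe", "modify_registry",
          "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\a", 2),
    Event(5, 110, "setup.exe", "download", "C:\\Temp\\b.exe", 2),
    Event(6, 111, "setup.exe", "exec", "b.exe", 5),
    Event(7, 115, "b.exe", "modify_exe", "C:\\Windows\\System32\\foo.exe", 6),
    Event(8, 120, "updater.exe", "modify_exe", "C:\\Program Files\\App\\app.exe", None),
]


def index_log(log: List[Event]):
    """Index events by id and build the parent -> children adjacency map."""
    by_id: Dict[int, Event] = {e.event_id: e for e in log}
    children: Dict[int, List[Event]] = {}
    for e in log:
        if e.parent_id is not None:
            children.setdefault(e.parent_id, []).append(e)
    return by_id, children


def find_event_for_artifact(log: List[Event], artifact: str) -> Optional[Event]:
    """Return the earliest event that produced the detected artifact, if any."""
    for e in sorted(log, key=lambda ev: ev.timestamp):
        if e.target == artifact:
            return e
    return None


def find_source(by_id: Dict[int, Event], event: Event) -> Event:
    """Walk parent links backwards to the originating event (source and time)."""
    cur = event
    while cur.parent_id is not None and cur.parent_id in by_id:
        cur = by_id[cur.parent_id]
    return cur


def collect_incident(children: Dict[int, List[Event]], source: Event) -> List[Event]:
    """Breadth-first walk over every child event descending from the source."""
    seen: Dict[int, Event] = {}
    queue = deque([source])
    while queue:
        e = queue.popleft()
        if e.event_id in seen:
            continue
        seen[e.event_id] = e
        queue.extend(children.get(e.event_id, []))
    return sorted(seen.values(), key=lambda ev: ev.event_id)


def reconstruct_incident(log: List[Event], detected_artifact: str) -> Optional[dict]:
    """Given one detected malicious file, recover the whole incident."""
    by_id, children = index_log(log)
    hit = find_event_for_artifact(log, detected_artifact)
    if hit is None:
        return None
    source = find_source(by_id, hit)
    events = collect_incident(children, source)
    quarantine, registry, restore = [], [], []
    for e in events:
        if e.action == "download":
            quarantine.append(e.target)          # dropped files: quarantine/remove
        elif e.action == "modify_registry":
            registry.append(e.target)            # persistence entries: clean up
        elif e.action == "modify_exe":
            restore.append(e.target)             # tampered binaries: restore from backup
    return {
        "source_event": source.event_id,
        "source_actor": source.actor,
        "incident_time": source.timestamp,
        "event_ids": [e.event_id for e in events],
        "quarantine_files": quarantine,
        "registry_keys": registry,
        "restore_from_backup": restore,
    }


if __name__ == "__main__":
    # Antivirus flags only b.exe; the traversal recovers the rest of the incident.
    print(reconstruct_incident(SAMPLE_LOG, "C:\\Temp\\b.exe"))
```

Starting from the single detection of `b.exe`, the walk reaches event 1 (the browser download at time 100) as the source, then collects events 1 through 7 while leaving the unrelated updater event 8 untouched; the grouped artifact lists are what the remediation step would act on.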

Information about malicious programs detected with the help of the patented method can be immediately sent to antivirus vendors in order to speed up their response times to new threats. Determining the source and context of an infection is helpful in preventing similar virus incidents in the future, for example, in detecting and blocking infected sites, detecting and eliminating software vulnerabilities, etc.

Furthermore, reconstructing the full picture of an incident and documenting it could provide the basis for building a successful criminal case against the cybercriminals responsible.

Kaspersky Lab currently has more than 30 patent applications pending in the US and Russia. These relate to a range of technologies developed by company personnel.

Additionally, many of today’s antivirus technologies were developed by Kaspersky Lab and are currently used under license by vendors worldwide, including Microsoft, Bluecoat, Juniper Networks, Clearswift, Borderware, Checkpoint, Sonicwall, Websense, LanDesk, Alt-N, ZyXEL, ASUS and D-Link.