Kaspersky Lab Granted US Patent for Detection of Complex Malware
31 Oct 2011
Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that it has been granted a new patent in the USA. Patent № 8042186 covers both a system and method for detection of complex malicious programs. The newly patented technology was invented by a team of five Kaspersky Lab experts.
According to Kaspersky Lab statistics, more than 70,000 new malware samples appear daily. The majority of malicious programs are distributed as one object or file, but complex malware – made up of multiple objects – is being detected more and more often. These malicious programs have several modules, but separately these modules are not that easy to detect using conventional methods. In order to detect these complex malicious programs, security software has to analyze the whole sequence of actions initiated by different modules. Therefore, it is also necessary to reveal the connections between the modules of a malicious program.
The system and method covered in the patent detect this kind of multi-module malware. The technology behind this detection system tracks the activities of untrusted programs or processes and evaluates their actions. It also searches for similarities and connections between different programs’ actions and, if such similarities are discovered, treats the separate activities as one suspicious program. By analyzing the characteristics of this unified “context” as well as the separate “contexts”, the system is able to identify complex malware and block all of its modules.
With the addition of this new patent, Kaspersky Lab now holds a total of 36 patents in the United States. More than 120 patent applications covering Kaspersky Lab’s advanced technologies are currently being examined by the US, European, Russian and Chinese patent offices.
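The context-merging idea described above can be sketched as follows. This is an added illustration, not code from the patent or from any Kaspersky Lab product: the action names, weights, threshold, linking rules (spawned child, or touching a file another process wrote) and the use of union-find are all assumptions, and the event log is constructed.

```python
from collections import defaultdict

# Constructed behaviour weights and threshold (assumptions, not from the patent).
WEIGHTS = {"write_exe": 3, "set_autorun": 4, "spawn": 1,
           "net_connect": 2, "read_docs": 3}
THRESHOLD = 8

# Constructed event log for untrusted processes: (pid, action, object).
EVENTS = [
    (101, "write_exe", "C:/tmp/a.bin"),
    (101, "spawn", "202"),
    (202, "set_autorun", "C:/tmp/a.bin"),
    (202, "write_exe", "C:/tmp/b.bin"),
    (303, "run_image", "C:/tmp/b.bin"),
    (303, "read_docs", "C:/Users/u/Documents"),
    (303, "net_connect", "198.51.100.7:443"),
    (404, "net_connect", "203.0.113.9:80"),   # unrelated process
]

def find(parent, x):
    """Return the representative pid of x's merged context."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def analyze(events, threshold=THRESHOLD):
    """Return (pids flagged alone, pid groups flagged as a unified context)."""
    parent, score, writer = {}, defaultdict(int), {}
    for pid, action, obj in events:
        parent.setdefault(pid, pid)
        score[pid] += WEIGHTS.get(action, 0)
        linked = None
        if action == "spawn":
            linked = int(obj)                 # parent/child relation
        elif action == "write_exe":
            writer.setdefault(obj, pid)       # remember who dropped the file
        elif obj in writer:
            linked = writer[obj]              # touches a file another process wrote
        if linked is not None:
            parent.setdefault(linked, linked)
            parent[find(parent, pid)] = find(parent, linked)
    groups = defaultdict(list)
    for pid in parent:
        groups[find(parent, pid)].append(pid)
    solo = sorted(p for p in parent if score[p] >= threshold)
    unified = sorted(sorted(g) for g in groups.values()
                     if sum(score[p] for p in g) >= threshold)
    return solo, unified

if __name__ == "__main__":
    print(analyze(EVENTS))
```

On the constructed log no single process reaches the threshold, while the merged context of processes 101, 202 and 303 does, and the unrelated process 404 stays unflagged.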