Kaspersky Lab

Kaspersky Lab’s New Technology To Provide More Data About Botnets

10 Aug 2012
Product news

Kaspersky Lab is excited to announce two new patents in the US for advanced technology solutions developed by company experts. These technologies are designed to fight cybercrime on two fronts: by neutralizing threats on infected systems, and by identifying, analyzing, and blocking spam botnets.

The methods used to restore systems that have been infected with malicious programs are described in Patent No. 8181247. This technology analyzes the activity of different objects (such as installed programs) based on data in a log of registered events, and establishes any correlations that may exist between them. Using these data, once malicious activity has been detected, the technology makes it possible to cancel any changes that were made to the system. In particular, uninfected file versions are restored, the correct registry entries are restored, and the data and entries that resulted from any malicious activity are deleted. In order to prevent any further infections, all of the network connections that were made by malicious objects are cut off, and their processes are shut down. This technology, which is part of the System Watcher module in Kaspersky Lab products, helps return a system to the condition it was in before it came into contact with any malicious programs, while fully maintaining performance.
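To make the rollback idea concrete, here is an added illustration (not Kaspersky's System Watcher code, and not the patented method itself) of a change journal that records each file and registry change together with the value it replaced, correlates processes through their parent/child relationship, and on detection undoes every change made by the flagged process tree, deletes what it created, and drops its network connections. The event format, the in-memory "filesystem" and "registry", the process IDs and the paths are all constructed for this example.

```python
"""Simulated change journal with rollback. Added example, not Kaspersky code;
the journal layout, the simulated stores and the sample paths are assumptions."""
from collections import defaultdict


class ChangeJournal:
    def __init__(self):
        self.files = {}                       # path -> content (simulated filesystem)
        self.registry = {}                    # key -> value (simulated registry)
        self.parent = {}                      # pid -> parent pid (None for a root)
        self.connections = defaultdict(set)   # pid -> remote endpoints it opened
        self.events = []                      # (pid, kind, target, previous_value), oldest first

    def spawn(self, pid, parent_pid=None):
        self.parent[pid] = parent_pid

    def write_file(self, pid, path, content):
        # Record the pre-change value (None if the file did not exist) so it can be restored.
        self.events.append((pid, "file", path, self.files.get(path)))
        self.files[path] = content

    def set_registry(self, pid, key, value):
        self.events.append((pid, "registry", key, self.registry.get(key)))
        self.registry[key] = value

    def connect(self, pid, endpoint):
        self.connections[pid].add(endpoint)

    def related(self, root_pid):
        """Correlation step: root_pid plus every process descended from it."""
        out = {root_pid}
        for pid in self.parent:
            p = pid
            while p is not None:
                if p == root_pid:
                    out.add(pid)
                    break
                p = self.parent.get(p)
        return out

    def rollback(self, root_pid):
        """Undo, newest first, every change made by root_pid or its descendants,
        then close their connections. Returns a summary of what was undone."""
        pids = self.related(root_pid)
        undone = []
        for pid, kind, target, previous in reversed(self.events):
            if pid not in pids:
                continue
            store = self.files if kind == "file" else self.registry
            if previous is None:
                store.pop(target, None)       # object created by the malware: delete it
            else:
                store[target] = previous      # object modified: restore the prior version
            undone.append((kind, target))
        self.events = [e for e in self.events if e[0] not in pids]
        closed = set()
        for pid in pids:
            closed |= self.connections.pop(pid, set())
        return {"undone": undone, "closed": sorted(closed), "terminated": sorted(pids)}


def demo():
    """Constructed scenario: a legitimate editor (pid 1), a suspicious process (pid 7)
    and a child it spawned (pid 8) that drops a loader and registers it to auto-run."""
    j = ChangeJournal()
    j.spawn(1)
    j.spawn(7)
    j.spawn(8, parent_pid=7)
    j.write_file(1, "C:/docs/report.txt", "quarterly numbers")
    j.set_registry(1, "HKCU/Software/Editor/Theme", "dark")
    j.write_file(7, "C:/docs/report.txt", "ENCRYPTED")
    j.write_file(8, "C:/Windows/Temp/loader.dll", "MZ...")
    j.set_registry(8, "HKCU/Software/Microsoft/Windows/CurrentVersion/Run/loader",
                   "C:/Windows/Temp/loader.dll")
    j.connect(8, "203.0.113.10:443")
    summary = j.rollback(7)    # triggered once pid 7 is classified as malicious
    return j, summary


if __name__ == "__main__":
    journal, result = demo()
    print(result)
    print(journal.files, journal.registry)
```

Undoing newest-first matters when the same object was changed several times by the malicious tree: each step restores the value recorded just before that change, so the final state is the one from before the first malicious touch. The journal here restores only what the flagged processes changed; a legitimate change made to the same file after the malicious one is a complication this sketch does not handle.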

The second — Patent No. 8195750 — describes a system and methods to identify botnets that are used to conduct mass mailings. This technology organizes the collection and analysis of statistics from email servers. The collected data is then used to create a model of the distribution of emails depending on their size and the date on which they were sent. Further analysis makes it possible to identify the computers involved in the mass mailing of identical emails, which are presumably part of a botnet. One of the advantages of this technology is how fast the system works: data collection takes a relatively short period of time, from just a few hours up to one day.
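The detection logic described above, as an added example that is not part of the press release and is not the patented implementation: mail-server statistics are parsed, deliveries are grouped by message size and body digest to form a model of identical messages, and a group is flagged when many distinct sending hosts emitted it within a short window, which is the pattern a spam botnet leaves. The log format, the sample lines, the thresholds and the function names are all constructed for this illustration.

```python
"""Added example: surfacing hosts that send identical messages in a burst from
mail-server statistics. Log format, sample data and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample statistics: timestamp, client IP, message size in bytes,
# digest of the message body. Not real log data.
SAMPLE_LOG = """\
2012-08-09T01:02:10 198.51.100.11 size=4120 digest=7f3a
2012-08-09T01:05:42 198.51.100.47 size=4120 digest=7f3a
2012-08-09T01:31:09 203.0.113.8 size=4120 digest=7f3a
2012-08-09T02:10:55 203.0.113.77 size=4120 digest=7f3a
2012-08-09T03:48:30 192.0.2.140 size=4120 digest=7f3a
2012-08-09T06:00:00 192.0.2.5 size=8800 digest=c0de
2012-08-09T06:00:01 192.0.2.5 size=8800 digest=c0de
2012-08-09T06:00:02 192.0.2.5 size=8800 digest=c0de
2012-08-09T06:00:03 192.0.2.5 size=8800 digest=c0de
2012-08-09T09:15:00 198.51.100.200 size=1532 digest=11aa
2012-08-09T10:02:00 203.0.113.9 size=2204 digest=22bb
2012-08-05T12:00:00 198.51.100.3 size=980 digest=33cc
2012-08-09T12:00:00 203.0.113.44 size=980 digest=33cc
"""


def parse_log(text):
    """Turn the constructed 'ts ip size=N digest=X' lines into records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, size_field, digest_field = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "ip": ip,
            "size": int(size_field.split("=", 1)[1]),
            "digest": digest_field.split("=", 1)[1],
        })
    return records


def build_model(records):
    """Group deliveries by (size, digest): same size and same body digest are
    treated as the same message. Tracks who sent it and over what time span."""
    model = defaultdict(lambda: {"senders": set(), "first": None, "last": None, "count": 0})
    for r in records:
        entry = model[(r["size"], r["digest"])]
        entry["senders"].add(r["ip"])
        entry["count"] += 1
        entry["first"] = r["ts"] if entry["first"] is None else min(entry["first"], r["ts"])
        entry["last"] = r["ts"] if entry["last"] is None else max(entry["last"], r["ts"])
    return model


def find_mass_mailing_clusters(records, min_senders=3, window=timedelta(hours=24)):
    """A message counts as a mass mailing when at least min_senders distinct hosts
    sent it and all deliveries fall within `window` (the thresholds are assumptions).
    A single server repeating one message (a newsletter) has one sender and is not flagged."""
    clusters = {}
    for key, entry in build_model(records).items():
        if len(entry["senders"]) >= min_senders and entry["last"] - entry["first"] <= window:
            clusters[key] = sorted(entry["senders"])
    return clusters


def suspected_hosts(text, **kwargs):
    """Sorted list of client IPs that took part in at least one flagged cluster."""
    hosts = set()
    for senders in find_mass_mailing_clusters(parse_log(text), **kwargs).values():
        hosts.update(senders)
    return sorted(hosts)


if __name__ == "__main__":
    for key, senders in find_mass_mailing_clusters(parse_log(SAMPLE_LOG)).items():
        print("size=%d digest=%s sent by %d hosts: %s" % (key[0], key[1], len(senders), senders))
    print("suspected hosts:", suspected_hosts(SAMPLE_LOG))
```

On the constructed sample only the 4120-byte message qualifies: five different hosts sent it within about three hours. The 8800-byte message is sent four times but by one host, and the 980-byte message is shared by two hosts four days apart, so neither crosses the thresholds. Keying on size alone (as the text's size/date model does) would cast a wider net; adding the digest keeps the example focused on messages that are identical rather than merely similar in size.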

“The system that has been designed by Kaspersky Lab to identify infected computers that are part of malicious users’ botnets uses exclusively implicit data. As a result, analysis of the data that is obtained from email servers can be very time consuming, making this kind of search considerably less efficient. In fact, a specific infected system is capable of sending spam within a very short period of time — just a few hours or days, after which malicious users switch it over to an inactive waiting mode,” says Eugene Smirnov, Head of the AntiSpam Technology Development Group at Kaspersky Lab. “This technology boosts the quality of our spam filtration system, and provides the data we need to analyze and then shut down a botnet, similar to what happened in the case of the well-known botnet Kelihos.”

The total number of patents issued to Kaspersky Lab by the US Patent and Trademark Office is now 55. Kaspersky Lab holds over 100 patents in the US, Russia, China, and Europe.

© 1997 – 2014 Kaspersky Lab
