Kaspersky Lab Granted New US Patent Covering Technology for Detection of Previously Unknown Malware Components
03 Feb 2012
Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that it has been granted a new patent in the USA. Patent № 8104090 covers a “Method and System for Detection of Previously Unknown Malware Components”. The patented technology was developed by Mikhail Pavlyushik.
The newly patented technology detects multi-component malicious programs. This is done by restoring the parent-child relationships between such components using a special analyzer, which keeps a journal of system events and saves them all in its database.
A separate monitor assigns each system event a relevance parameter, that is, it determines how important the information connected with the event is for the analyzer. Such events include file operations, operations with the registry or with processes, etc.
If the antivirus program subsequently finds an infected file in the system, all the information related to that file goes into the analyzer, which looks up all the objects connected with that file in the event journal (which processes addressed the file, which process created or modified it, etc.). The analyzer then checks the time criteria of all the objects discovered, which permits, for example, malicious programs with delayed activation to be located.
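The journal lookup described above can be sketched as follows. This is an added illustration, not Kaspersky Lab's patented implementation or code from the announcement: the event fields, the relevance scale and threshold, the trusted-process list and the one-hour delay cut-off are all assumptions, and the journal is constructed sample data.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Event:
    ts: int         # seconds since the journal started
    actor: str      # image path of the process that performed the operation
    op: str         # "create", "modify", "start", "reg_set", "read"
    target: str     # file, registry key or process image acted upon
    relevance: int  # score from the monitor (the 0-10 scale is an assumption)

LINK_OPS = {"create", "modify", "start", "reg_set"}  # ops that imply lineage

def related_objects(journal, infected, trusted=frozenset(), min_relevance=5):
    """Return {object: relation to the object it was reached from}."""
    found, queue = {infected: "detected"}, [infected]
    while queue:
        obj = queue.pop()
        for e in journal:
            if e.op not in LINK_OPS or e.relevance < min_relevance:
                continue
            if e.target == obj:
                other, relation = e.actor, "parent"
            elif e.actor == obj:
                other, relation = e.target, "child"
            else:
                continue
            # Trusted processes end the walk, or everything they touched is pulled in.
            if other not in found and other not in trusted:
                found[other] = relation
                queue.append(other)
    return found

def activation_delay(journal, obj):
    """Seconds between obj first being written and first acting, or None."""
    born = [e.ts for e in journal if e.target == obj and e.op in LINK_OPS]
    acted = [e.ts for e in journal if e.actor == obj]
    return min(acted) - min(born) if born and acted else None

# Constructed sample journal (not real telemetry); all names are hypothetical.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"
JOURNAL = [
    Event(10, "explorer.exe", "start", "setup.exe", 6),
    Event(12, "setup.exe", "create", "a.dll", 8),
    Event(13, "setup.exe", "create", "b.exe", 8),
    Event(14, "setup.exe", "reg_set", RUN_KEY, 9),
    Event(15, "notepad.exe", "read", "a.dll", 2),   # low relevance, ignored
    Event(90000, "b.exe", "create", "c.tmp", 7),    # acts a day after the drop
]
LINKED = related_objects(JOURNAL, "a.dll", trusted={"explorer.exe"})
DELAYED = {o: d for o in LINKED if (d := activation_delay(JOURNAL, o) or 0) > 3600}
```

Starting from the single detected file `a.dll`, the walk recovers the dropper, the sibling component, its autorun entry and the later artefact, and the delay check singles out the component that stayed dormant.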
At present Kaspersky Lab has been granted 49 patents covering its advanced technologies in Russia, 42 in the United States, one in Europe and another in China. A further 35 patents are currently pending in Russia, 45 in the United States, 37 in Europe, and 23 in China.