Site iconSite icon IFSEC Insider | Security and Fire News and Resources

Kaspersky Lab patents cutting-edge technology for fighting cybercrime

Today’s crimeware makes extensive use of Trojans to penetrate users’ machines. Once installed on a system, a Trojan downloads numerous other malicious programs from the Internet. As a result, dozens of various malicious programs and their components can end up on a user’s PC.

Some of them may be new malicious programs with signatures that have yet to be added to antivirus databases, or that make use of unknown technology for evading detection. Malware like this can go undetected by antivirus solutions for some time, carrying out harmful or destructive operations on an infected computer.

Closing the loopholes for cybercrime attacks

A single initial virus incident can lead to the downloading of many malicious programs unknown to antivirus software. This flaw in antivirus protection means that a single breach can leave a user’s computer compromised until all the malicious software and methods of hiding have been identified and distributed through updates.

This defect can now be solved using the latest Kaspersky Lab technology developed by Mikhail Pavlyushchik. The technology was granted Patent No 7472420 by the US Patent and Trademark Office in December. The patent outlines the method used to detect and remove all malicious programs installed on a user’s computer as a result of a single virus incident, as well as locating the source and time of the incident.

Track down viruses in every nook and cranny

The new technology is based on the logging of system events that indicate the possibility of a virus infection (for example, the modification of an executable file and/or a record in the system registry) and then determining the extent of a virus incident based on the records made.

According to the patented technology, when a malicious process or file is detected, a module that analyses preceding events is launched that allows the source and the time of an infection to be determined. The system then analyses all ‘child’ events related to the source event, which makes it possible to detect all malicious programs involved in the incident (including those that were previously unknown).

Preventing future cybercrime attacks

In addition to detecting malware, the new technology removes or quarantines malicious code, interrupts malicious processes and restores the system files from a trusted back-up. Information about malicious programs detected with the help of the patented method can be immediately sent to antivirus vendors in order to speed up their response times to new threats.

Determining the source and context of an infection is helpful in preventing similar virus incidents in the future (for example, in detecting and blocking infected sites or detecting and eliminating software vulnerabilities, etc). Furthermore, reconstructing the full picture of an incident and documenting it could provide the basis for building a successful criminal case against those cybercriminals responsible.

Kaspersky Lab currently has more than 30 patent applications pending in the US and Russia. These relate to a range of technologies developed by company personnel. Additionally, many of today’s antivirus technologies were developed by Kaspersky Lab and are currently used worldwide under license by vendors including Microsoft, Bluecoat, Juniper Networks, Clearswift, Borderware, Checkpoint, Sonicwall, Websense, LanDesk, Alt-N, ZyXEL, ASUS and D-Link.

University of London: cybercrime protection in action

Kaspersky Lab has also announced that Royal Holloway, one of the four largest multi-faculty colleges in the University of London, is using Kaspersky Open Space Security to deliver full protection from crimeware for its 1,200 full-time staff and 8,000 undergraduate and post-graduate students.

Open Space Security is protecting IT systems spread across the main campus in Egham and three satellite buildings. Its infrastructure comprises approximately 3,000 computers and 140 servers, using both UNIX and Windows.

An academic network for general work and a limited connectivity student network are provided using fixed and mobile connections that are accessed by the university computers, as well as laptops belonging to students. In addition, many of the staff members have remote access to university IT systems off-site, increasing the risk of security breaches.

Initially, Royal Holloway’s management team was looking for an antivirus solution, but recognised that the Open Space Security suite would deliver full Internet security functionality and protection.

Low scanning footprint, high detection rates

Huw Michael – infrastructure technical architect for Royal Holloway, University of London – told SMT Online: “It became clear we needed a single product that would work both on the campus and also remotely, offering scanning and reboots, a low scanning footprint and a high detection rate with a simple and user-friendly interface.”

Students have also been supplied with free licenses for Kaspersky Labs’ home user product Internet Security 2009 that can be installed on their own machines, in turn building-in a further line of defence against possible crimeware threats.

Exit mobile version