
Woburn, MA – August 4, 2016 – Kaspersky Lab has patented a new technology to reveal malicious files that can be hidden from the detection of security software products. The patent is titled, “System and Method for Detecting Harmful Files Executable on a Virtual Stack Machine.”

The new technology is included in Kaspersky Internet Security and Kaspersky Total Security products, allowing the security solutions to uncover malicious files trying to hide themselves with different re-packing methods.

Last year, the number of Adobe Flash Player exploits significantly increased. Malicious files created for this platform can be hidden by re-packing them or by embedding “trash” instructions into them. In some cases, the exploit is re-packed for each user, meaning each victim is hit with a unique malicious file. As a result, detection by traditional methods (such as signature or heuristic analysis) is hampered. The new patented technology was developed to make detection of such malware easier.

Kaspersky Lab’s experts created a universal hash-sum: a check-sum calculated from the byte-code of the analyzed malicious files, so that a single value detects the whole group of malicious files at once. This approach allows malicious files to be detected regardless of the method used to protect the analyzed file from detection by the security product. At this stage, the patented technology is aimed at the detection of malicious files created for the .NET and ActionScript frameworks.
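The idea of one hash covering a group of re-packed files can be illustrated with the added example below, which is not Kaspersky Lab's patented algorithm or code. It assumes a toy stack-machine instruction set constructed for the illustration (not real ActionScript or .NET byte-code) and hashes only the sequence of instructions that remain after operand values and no-effect “trash” instructions are discarded.

```python
import hashlib

# Toy stack-VM instruction set, constructed for this example:
# opcode byte -> (mnemonic, number of operand bytes)
OPCODES = {
    0x00: ("NOP", 0), 0x01: ("PUSH", 1), 0x02: ("POP", 0),
    0x03: ("ADD", 0), 0x04: ("XOR", 0), 0x05: ("LOAD", 1),
    0x06: ("STORE", 1), 0x07: ("CALL", 2), 0x08: ("RET", 0),
}

def decode(code: bytes) -> list[str]:
    """Return the mnemonic stream, discarding operand values."""
    ops, i = [], 0
    while i < len(code):
        if code[i] not in OPCODES:
            raise ValueError(f"unknown opcode 0x{code[i]:02x} at offset {i}")
        name, width = OPCODES[code[i]]
        if i + 1 + width > len(code):
            raise ValueError(f"truncated operand for {name} at offset {i}")
        ops.append(name)
        i += 1 + width
    return ops

def normalize(ops: list[str]) -> list[str]:
    """Drop instructions with no net effect: NOPs and PUSH/POP pairs."""
    out = []
    for op in ops:
        if op == "NOP":
            continue
        if op == "POP" and out and out[-1] == "PUSH":
            out.pop()  # cancels the preceding PUSH, also when pairs are nested
            continue
        out.append(op)
    return out

def group_hash(code: bytes) -> str:
    """SHA-256 over the normalized mnemonic sequence."""
    return hashlib.sha256(" ".join(normalize(decode(code))).encode()).hexdigest()

# Constructed samples: A and B share logic but differ in constants and junk padding.
SAMPLE_A = bytes([0x05, 0x00, 0x01, 0x41, 0x04, 0x06, 0x01, 0x07, 0x10, 0x00, 0x08])
SAMPLE_B = bytes([0x00, 0x05, 0x03, 0x01, 0x99, 0x02, 0x01, 0x7F, 0x04, 0x00, 0x01,
                  0x11, 0x01, 0x22, 0x02, 0x02, 0x06, 0x09, 0x07, 0x20, 0x00, 0x08])
UNRELATED = bytes([0x01, 0x01, 0x01, 0x02, 0x03, 0x08])

if __name__ == "__main__":
    for label, sample in [("A", SAMPLE_A), ("B", SAMPLE_B), ("unrelated", UNRELATED)]:
        print(label, hashlib.sha256(sample).hexdigest()[:16], group_hash(sample)[:16])
```

The two constructed variants have different whole-file SHA-256 values but the same group hash, so a single record matches both, while the unrelated sample does not match.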

“This kind of hash-sum referring not only to a certain file but a group of files is very useful, because it can be easily integrated into automatic detection systems and allows detection of numerous objects with a single record,” said Alexander Liskin, Heuristic Detection Group Manager at Kaspersky Lab, and co-author of this technology. “In the long term, such hash-sums can be created for other types of malicious files that use virtual stack machines.”

“It is worth mentioning that applying these hash-sums has achieved great results in the field of detection of SWF exploits, which are the most popular type at the moment,” said Anton Ivanov, Senior Malware Analyst at Kaspersky Lab, and co-author of this technology. “Due to the implementation of such a technology service for SWF exploits, auto-detecting has also been put into operation.”

To read more about the patent US9396334 follow this link. Kaspersky Lab currently has over 450 patents.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Learn more at www.kaspersky.com.


Media Contact:
Kaspersky Lab
Denise Bertrand
781.503.1836
denise.bertrand@kaspersky.com

Kaspersky Lab Patents Technology for the Easy Removal of Obfuscated Malware
