Moscow, Russia
Moscow, Russia

Kaspersky Lab is an international group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Wikipedia.


Time filter

Source Type

Disclosed are systems and method for generating a set of antivirus records to be used for detection of malicious files on a users devices. An exemplary method includes maintaining, by a server, a database of malicious files; generating, by the server, at least one antivirus record for each malicious file; calculating an effectiveness of each antivirus record by determining how many different malicious files were detected using each antivirus record; generating a set of most effective antivirus records; and transmitting, by the server, the set of most effective antivirus records to a client device.


Patent
Kaspersky Lab | Date: 2016-03-07

Disclosed are exemplary aspects of systems and methods for blocking execution of scripts. An exemplary method comprises: intercepting a request for a script from a client to a server; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client.


Patent
Kaspersky Lab | Date: 2016-03-07

Disclosed are systems and method for configuring antivirus scans on a computer. An example method comprising: identifying, by a hardware processor, a software object that requires an antivirus scan; collecting, by the hardware processor, information for setting antivirus scan of the object; accessing, by the hardware processor, a data store of antivirus setting rules; selecting, by the hardware processor, a date and time for the start of the antivirus scan of the object based on the collected information and one or more antivirus setting rules; selecting, by the hardware processor, an antivirus scan method based on the collected information, the selected date and time, and one or more antivirus setting rules; and performing, by the hardware processor, an antivirus scan of the object using the selected antivirus scan method and at the selected date and time.


Patent
Kaspersky Lab | Date: 2016-11-08

Systems and methods to detect malicious executable files having a script language interpreter by combining a script emulator and a machine code emulator. A system includes an analyzer configured to convert a script into pseudocode and monitor an emulation process of the pseudocode, a script emulator configured to sequentially emulate the pseudocode and write emulation results to an emulator operation log, and a machine code emulator configured to emulate the pseudocode if a transition from pseudocode to machine code is detected by the analyzer, such that the analyzer can analyze the emulator operation log to determine if the executable file is malicious.


Disclosed are systems and methods for controlling installation of programs on a computer. An exemplary system is configured to detect installation of an unknown program on a computer; suspend installation of the unknown program; execute the unknown program in a secure environment; detect undesirable actions of the unknown program, including: actions performed by the program without knowledge of a user, actions for accessing personal user data on the computer, and actions effecting users working with other programs or operating system of the computer; determine whether the unknown program is undesirable or not based on the detected undesirable actions of the program; when the unknown program is determined be undesirable, prompt the user to select whether to allow or prohibit installation of the undesirable program on the computer; and when the unknown program is determined not to be undesirable, allow installation of the unknown program on the computer.


Disclosed are system and method for detecting malicious code in random access memory. An exemplary method comprises: detecting, by a hardware processor, a process of an untrusted program on the computer; identifying, by the hardware processor, function calls made by the process of the untrusted program, including inter-process function calls made by the process to a destination process; determining, by the hardware processor, whether to perform malware analysis of a code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program; and when it is determined to perform malware analysis, analyzing the code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program using antivirus software executable by the hardware processor.


Disclosed are systems and method for detection of malicious encryption programs. An example method comprises: intercepting, at a server, a file operation request from a client on a file stored on the server; collecting information about at least the requested file and the requested operation; determining, by a hardware processor of the server, based on the collected information, whether the file operation request came from a known malicious encryption program; when the file operation request came from an unknown program, then calculating, by the hardware processor, entropies of at least a portion of the file before and after the execution of the requested operation on the file; and calculating, by the hardware processor, a difference between the calculated entropies; when the difference is below a threshold, allowing the requested operation on the file; and when the difference is above the threshold, denying the requested operation on the file.


Patent
Kaspersky Lab | Date: 2017-04-05

Disclosed are examples of systems and methods for detection of phishing scripts. An exemplary method comprises: generating a bytecode of a script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and hash sums in one or more groups of hash sums of known phishing scripts; identifying at least one group of hash sums that contains a hash sum whose degree of similarity with the hash sum of the bytecode is within a threshold; determining a coefficient of compactness of the identified group of hash sums and a coefficient of trust of the identified group of hash sums; and determining whether the script is a phishing script based on the degree of similarity, the coefficient of compactness and the coefficient of trust.


The present disclosure pertains to data security, and more specifically, to a method and system of user authentication using an electronic digital signature of the user. An exemplary method includes obtaining biometric data of the user, calculating a biometric key based on the biometric data, identifying encrypted confidential information of the user in an electronic database and decrypting the identified confidential information of the user using the calculated biometric key. Furthermore, the method includes calculating a cryptographic key using a first portion of the decrypted confidential information of the user; generating an electronic digital signature of the user based on the cryptographic key; verifying the electronic digital signature using a second portion of the decrypted confidential information; and authenticating the user to access the data if the electronic digital signature is verified.


Grant
Agency: Cordis | Branch: H2020 | Program: IA | Phase: DS-03-2015 | Award Amount: 6.07M | Year: 2016

Critical infrastructures (CI) rely on complex safety- and security-critical ICT systems placed into unpredictable environments and forced to cope with unexpected events and threats while exhibiting safe adaptive behavior. Recent security trends stress continuous adaptation to increase attacker work factor and to confound reverse-engineering. Critical CI systems must undergo extensive and costly scrutiny under diverse certification regimes. Improved, effective and affordable development and certification methods are essential. CITADEL will provide innovative platform technology, methodology and tools for development, deployment, and certification of adaptive MILS systems for CI, to be demonstrated in three industrial CI use cases. The solution enables robust and resilient CI through monitoring and adaptive self-healing mechanisms that respond to natural and malicious occurrences by intelligently reconfiguring hosts, functions, and networks, while maintaining essential functions and defences. CITADEL is based on MILS, an approach featuring modular construction and compositional assurance, reducing the time and cost for development, certification, and maintenance of dependable systems. The MILS platform, based on a separation kernel, manages physical resources while establishing and enforcing a verified application architecture. Leveraging advances from the D-MILS and EURO-MILS projects, CITADEL will extend the MILS approach by adding dynamic reconfiguration to the MILS platform, and Monitoring and Adaptation Systems enabling resilience to adversity while preserving vital system properties. CITADEL supports certification of Adaptive MILS systems by analyzing configuration change mechanisms, adaptation system, configuration properties, and configuration change policies with automated verification tools, and by providing an innovative runtime evidence management agent to automatically generate up-to-date certification assurance artifacts as the system adapts.

Loading Kaspersky Lab collaborators
Loading Kaspersky Lab collaborators