Moscow, Russia
Moscow, Russia

Kaspersky Lab is an international group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Wikipedia.

SEARCH FILTERS
Time filter
Source Type

Patent
Kaspersky Lab | Date: 2017-05-17

Disclosed are systems and method for encrypted transmission of web pages. One exemplary method comprises: receiving, by a proxy server, a web page requested by a user device; analyzing, by a hardware processor of the proxy server, the received web page to identify code of elements of the web page; selecting one or more identified elements of the web page for encryption; encrypting, by the hardware processor, the code of the one or more selected elements; generating, by the hardware processor, a script containing the encrypted code of the one or more selected elements; modifying the web page, by the hardware processor, by replacing in the web page the code of the one or more selected elements with the script containing the encrypted code of said one or more selected elements; and transmitting, by the proxy server, the modified web page to the user device.


Patent
Kaspersky Lab | Date: 2017-04-05

Disclosed are examples of systems and methods for detection of phishing scripts. An exemplary method comprises: generating a bytecode of a script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and hash sums in one or more groups of hash sums of known phishing scripts; identifying at least one group of hash sums that contains a hash sum whose degree of similarity with the hash sum of the bytecode is within a threshold; determining a coefficient of compactness of the identified group of hash sums and a coefficient of trust of the identified group of hash sums; and determining whether the script is a phishing script based on the degree of similarity, the coefficient of compactness and the coefficient of trust.


Disclosed are systems and methods for detecting modified or corrupted external devices connected to a computer system. An exemplary method includes storing in a database, data that relates to devices previously connected to the computer system and rules that specify conditions that indicate when the device should be further analyzed as being possibly corrupted. The method further includes receiving from the device data that relates to the device or to a connection between the device and the computer system; performing an analysis of the received data by comparing the received data and the stored data relating to devices previously connected to the computer system; and applying results of the analysis of the received data to the rules to determine whether the at least one condition is satisfied that indicates that the device is possibly modified or corrupted and should be further analyzed for presence of malware.


The present disclosure pertains to data security, and more specifically, to a method and system of user authentication using an electronic digital signature of the user. An exemplary method includes obtaining biometric data of the user, calculating a biometric key based on the biometric data, identifying encrypted confidential information of the user in an electronic database and decrypting the identified confidential information of the user using the calculated biometric key. Furthermore, the method includes calculating a cryptographic key using a first portion of the decrypted confidential information of the user; generating an electronic digital signature of the user based on the cryptographic key; verifying the electronic digital signature using a second portion of the decrypted confidential information; and authenticating the user to access the data if the electronic digital signature is verified.


Disclosed are system and method for detecting malicious code in random access memory. An exemplary method comprises: detecting, by a hardware processor, a process of an untrusted program on the computer; identifying, by the hardware processor, function calls made by the process of the untrusted program, including inter-process function calls made by the process to a destination process; determining, by the hardware processor, whether to perform malware analysis of a code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program; and when it is determined to perform malware analysis, analyzing the code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program using antivirus software executable by the hardware processor.


Disclosed are systems and method for detection of malicious encryption programs. An example method comprises: intercepting, at a server, a file operation request from a client on a file stored on the server; collecting information about at least the requested file and the requested operation; determining, by a hardware processor of the server, based on the collected information, whether the file operation request came from a known malicious encryption program; when the file operation request came from an unknown program, then calculating, by the hardware processor, entropies of at least a portion of the file before and after the execution of the requested operation on the file; and calculating, by the hardware processor, a difference between the calculated entropies; when the difference is below a threshold, allowing the requested operation on the file; and when the difference is above the threshold, denying the requested operation on the file.


Disclosed are systems and methods for controlling installation of programs on a computer. An exemplary system is configured to detect installation of an unknown program on a computer; suspend installation of the unknown program; execute the unknown program in a secure environment; detect undesirable actions of the unknown program, including: actions performed by the program without knowledge of a user, actions for accessing personal user data on the computer, and actions effecting users working with other programs or operating system of the computer; determine whether the unknown program is undesirable or not based on the detected undesirable actions of the program; when the unknown program is determined be undesirable, prompt the user to select whether to allow or prohibit installation of the undesirable program on the computer; and when the unknown program is determined not to be undesirable, allow installation of the unknown program on the computer.


Disclosed are systems and methods for eliminating vulnerabilities of smart devices connected to a data network. An example method includes: identifying a router providing access to the data network, obtaining access to the network and transmitting a request through the data network to obtain access to a smart device on the network. Furthermore, the method includes accessing the smart device to obtain its settings, comparing the settings with known vulnerabilities, determining an action for repairing the a network vulnerability associated with the settings of the device, and transmitting instructions to the smart device to perform the action to repair network vulnerability associated with the setting.


A method and system are provided for performing an antivirus scan of a file on a virtual machine. An example method includes performing a first execution of the file on the virtual machine, recording a first log that includes an API function call and an internal event detected during execution, and determining if any signatures in the log are stored in a signatures database. Moreover, if no signatures in the first log are found in the first database of signatures, the file is classified as not malicious. In contrast, if at least one signature is found, a second execution of the file is perform and a second log is recorded that includes a detected internal event. Moreover, the method includes determining if any signatures in the second log are stored in a second database of signatures; and classifying the file as not malicious if no signatures are found.


Patent
Kaspersky Lab | Date: 2017-09-20

A method and system is provided for eliminating vulnerabilities on a data network including a router for directing data in the data network. An example method includes transmitting a request through the data network to obtain access to a device coupled to the data network; accessing the device to obtain a list of available resources of the device; comparing each of the available resources of the device with resource rules in a database to identify network vulnerabilities associated with the available resources and determining an action for repairing the network vulnerabilities associated with the available resources of the device. Furthermore, according to the method, instructions can be transmitted to the device to perform the action for repairing the network vulnerabilities associated with the available resources.

Loading Kaspersky Lab collaborators
Loading Kaspersky Lab collaborators