Moscow, Russia

Kaspersky Lab is an international group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Wikipedia.



Disclosed are systems and methods for generating a set of antivirus records to be used for detection of malicious files on a user's devices. An exemplary method includes maintaining, by a server, a database of malicious files; generating, by the server, at least one antivirus record for each malicious file; calculating an effectiveness of each antivirus record by determining how many different malicious files were detected using each antivirus record; generating a set of most effective antivirus records; and transmitting, by the server, the set of most effective antivirus records to a client device.


Patent
Kaspersky Lab | Date: 2016-03-07

Disclosed are exemplary aspects of systems and methods for blocking execution of scripts. An exemplary method comprises: intercepting a request for a script from a client to a server; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client.


Patent
Kaspersky Lab | Date: 2016-03-07

Disclosed are systems and methods for configuring antivirus scans on a computer. An example method comprises: identifying, by a hardware processor, a software object that requires an antivirus scan; collecting, by the hardware processor, information for setting antivirus scan of the object; accessing, by the hardware processor, a data store of antivirus setting rules; selecting, by the hardware processor, a date and time for the start of the antivirus scan of the object based on the collected information and one or more antivirus setting rules; selecting, by the hardware processor, an antivirus scan method based on the collected information, the selected date and time, and one or more antivirus setting rules; and performing, by the hardware processor, an antivirus scan of the object using the selected antivirus scan method and at the selected date and time.


Patent
Kaspersky Lab | Date: 2016-11-08

Systems and methods to detect malicious executable files having a script language interpreter by combining a script emulator and a machine code emulator. A system includes an analyzer configured to convert a script into pseudocode and monitor an emulation process of the pseudocode, a script emulator configured to sequentially emulate the pseudocode and write emulation results to an emulator operation log, and a machine code emulator configured to emulate the pseudocode if a transition from pseudocode to machine code is detected by the analyzer, such that the analyzer can analyze the emulator operation log to determine if the executable file is malicious.


Disclosed are a system and method for distributing most effective antivirus records to user devices. An exemplary method includes: collecting, by a server, statistics on the use of a plurality of antivirus records deployed on a plurality of user devices; calculating, by the server, a coefficient of effectiveness of each antivirus record based on the collected statistics on the use of the plurality of antivirus records by the plurality of user devices; identifying, by the server, a group of the plurality of antivirus records having the largest coefficients of effectiveness, wherein the group is a number of the plurality of antivirus records not exceeding a threshold value; and transmitting, by the server, the group of antivirus records to at least one of the plurality of user devices for storage in an antivirus database for use by an antivirus application of the at least one user device.


Patent
Kaspersky Lab | Date: 2017-05-17

Disclosed are systems and methods for encrypted transmission of web pages. One exemplary method comprises: receiving, by a proxy server, a web page requested by a user device; analyzing, by a hardware processor of the proxy server, the received web page to identify code of elements of the web page; selecting one or more identified elements of the web page for encryption; encrypting, by the hardware processor, the code of the one or more selected elements; generating, by the hardware processor, a script containing the encrypted code of the one or more selected elements; modifying the web page, by the hardware processor, by replacing in the web page the code of the one or more selected elements with the script containing the encrypted code of said one or more selected elements; and transmitting, by the proxy server, the modified web page to the user device.


Disclosed are a system and method for executing calls to a file system of a computer. An exemplary method comprises intercepting, by a software agent, a call to the file system; determining one or more parameters of the call that identify its functionality; determining a priority of executing the call based on the one or more parameters; storing information about the call, the parameters and the priority into a database; selecting from the database, one or more calls for execution based at least in part on relative priorities of execution of the plurality of calls stored in the database; determining whether to execute or not to execute a selected call based on whether the selected call interferes with execution of an earlier selected call; and when the selected call does not interfere with execution of an earlier selected call, passing the selected call to the file system for execution.


Disclosed are systems and methods for controlling access to data of a user device using a security application that provides accessibility services. An exemplary method comprises: executing, on the user device, the security application and one or more user applications; intercepting, by an interception module of the security application using a plurality of accessibility API functions, data accessed by a user application being executed on the user device; determining, by a categorization module of the security application, a category of intercepted data; intercepting, by the interception module using the accessibility API functions, one or more events of a user's interaction with a user interface of the user application; and determining, by an access control module of the security application, an access control policy that specifies and controls whether to allow a user's access to the intercepted data based on the category of intercepted data and types of intercepted events.


Disclosed are systems and methods for controlling access to data on mobile devices using an accessibility API for users with disabilities. An exemplary method comprises: registering on a mobile device a security application as a service for users with disabilities, wherein the security application provides an accessibility API for the users with disabilities that comprises a plurality of accessibility API functions; intercepting, using the accessibility API, data accessed by a user application being executed on the user device; determining, by the security application, a category of intercepted data; intercepting, using the accessibility API, events of execution of the user application on the user device; determining, by the security application, an access control policy for accessing the intercepted data based on the category of intercepted data and intercepted events; and controlling, using the accessibility API, access of the user application to the intercepted data based on the determined access control policy.


Grant
Agency: European Commission | Branch: H2020 | Program: IA | Phase: DS-03-2015 | Award Amount: 6.07M | Year: 2016

Critical infrastructures (CI) rely on complex safety- and security-critical ICT systems placed into unpredictable environments and forced to cope with unexpected events and threats while exhibiting safe adaptive behavior. Recent security trends stress continuous adaptation to increase attacker work factor and to confound reverse-engineering. Critical CI systems must undergo extensive and costly scrutiny under diverse certification regimes. Improved, effective and affordable development and certification methods are essential. CITADEL will provide innovative platform technology, methodology and tools for development, deployment, and certification of adaptive MILS systems for CI, to be demonstrated in three industrial CI use cases. The solution enables robust and resilient CI through monitoring and adaptive self-healing mechanisms that respond to natural and malicious occurrences by intelligently reconfiguring hosts, functions, and networks, while maintaining essential functions and defences. CITADEL is based on MILS, an approach featuring modular construction and compositional assurance, reducing the time and cost for development, certification, and maintenance of dependable systems. The MILS platform, based on a separation kernel, manages physical resources while establishing and enforcing a verified application architecture. Leveraging advances from the D-MILS and EURO-MILS projects, CITADEL will extend the MILS approach by adding dynamic reconfiguration to the MILS platform, and Monitoring and Adaptation Systems enabling resilience to adversity while preserving vital system properties. CITADEL supports certification of Adaptive MILS systems by analyzing configuration change mechanisms, adaptation system, configuration properties, and configuration change policies with automated verification tools, and by providing an innovative runtime evidence management agent to automatically generate up-to-date certification assurance artifacts as the system adapts.
