Kaspersky Lab Patents Technology forthe Easy Revealof Obfuscated Malware

Kaspersky Lab has just received a technology patent entitled “System and Method for Detecting Harmful Files Executable on a Virtual Stack Machine”. The new technology, included in Kaspersky Internet Security and Kaspersky Total Security products, allows the security solutions to reveal malicious files trying to hide themselves with different re-packing methods.

Last year,the number of Adobe Flash Player exploits significantly increased. Malicious files created for this platform can be hidden from detectionby security products, for example, by re-packing malicious files or embedding “trash” instructions into them.In some cases, the exploit is re-packed for each different user meaning each victim is hit with a unique malicious file. As a result, the process of detection by traditional methods (such as signature or heuristics analysis)is hampered.The patented technology was developed to make detection of such malware easier.

Kaspersky Lab’s experts created a universal hash-sum representing a check-sum which is calculated based on the byte-code of the analyzed malicious files, detecting the whole group of malicious files at once. This approach allows malicious files to be detected,regardless of the way used to protect the analyzed file from being detected by the security product.At this stage, the patented technology is aimed at the detection of malicious files created by .NET and ActionScript frameworks.

Alexander Liskin, Heuristic Detection Group Manager at Kaspersky Lab, a co-author of this technology says: “This kind of hash-sum referring not only to a certain filebut group of files is very useful, because it can be easily integrated into automatic detection systems and allows detection of numerous objects with a single record. In the long term, such hash-sums can be created for other types of malicious files that use virtual stack machines”.

Anton Ivanov, Senior Malware Analyst at Kaspersky Lab, a co-author of this technology, adds: “It is worth mentioning that applying these hash-sums has achieved great resultsin the field of detection of SWF exploits, which arethe most popular type at the moment. Due to the implementation of such a technology service for SWF exploits, auto-detecting has also been put into operation.”

To read more about the patent #US009396334follow the link. Kaspersky Lab currently has over 450 technology patents.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threatintelligence and security expertise is constantly transforming into security solutions and services toprotect businesses, critical infrastructure, governments and consumers around the globe. Thecompany’s comprehensive security portfolio includes leading endpoint protection and a number ofspecialized security solutions and services to fight sophisticated and evolving digital threats. Over400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporateclients protect what matters most to them. Learn more at www.kaspersky.com.