Kaspersky Lab obtains patent for method of detecting malware masked by rootkits
Kaspersky Lab has obtained a patent for a method of detecting malware that has been masked by rootkits – special programs capable of altering the outcomes of system functions. Patent No. 8677492 issued by the US Patent and Trademark Office describes the operation of a security solution with a special module that duplicates some functions of the operating system’s kernel, so the security solution has reliable information even if the OS is infected with a rootkit.
Cybercriminals use rootkits to prevent security solutions from detecting malicious programs such as Trojans. To do this, a rootkit masquerades as a legitimate driver, integrates with the OS kernel, intercepts system function calls from applications and modifies the results they return, deleting any references to files and processes related to the Trojan. This means the presence of malicious code can be masked – a dangerous program becomes invisible to the user and to other applications.
“Masking malware programs with the help of rootkits makes it much more difficult for anti-malware solutions to detect threats. This newly patented technology provides a reliable method to identify objects that are disguised in the system, helping counteract the most dangerous attacks,” commented Vyacheslav Rusakov, Malware Expert at Kaspersky Lab and author of the patent.
This method of detecting malicious code that conceals its presence in the system has been implemented in Kaspersky Lab’s home and corporate products, including Kaspersky Internet Security, Kaspersky PURE and Kaspersky Endpoint Security for Business.