Tag Archives: technology

The Big Picture.

Last spring (2015), we discovered Duqu 2.0 – a highly professional, very expensive, cyber-espionage operation. Probably state-sponsored. We identified it when we were testing the beta-version of the Kaspersky Anti Targeted Attack (KATA) platform – our solution that defends against sophisticated targeted attacks just like Duqu 2.0.

And now, a year later, I can proudly proclaim: hurray!! The product is now officially released and fully battle ready!

Kaspersky Anti-Targeted Attack Platform

But first, let me now go back in time a bit to tell you about why things have come to this – why we’re now stuck with state-backed cyber-spying and why we had to come up with some very specific protection against it.

(While for those who’d prefer to go straight to the beef in this here post – click here.)

‘The good old days’ – words so often uttered as if bad things just never happened in the past. The music was better, society was fairer, the streets were safer, the beer had a better head, and on and on and on. Sometimes, however, things really were better; one example being how relatively easy it was to fight cyber-pests in years past.

Of course, back then I didn’t think so. We were working 25 hours a day, eight days a week, all the time cursing the virus writers and their phenomenal reproduction rate. Each month (and sometimes more often) there were global worm epidemics and we were always thinking that things couldn’t get much worse. How wrong we were…

At the start of this century viruses were written mainly by students and cyber-hooligans. They’d neither the intention nor the ability to create anything really serious, so the epidemics they were responsible for were snuffed out within days – often using proactive methods. They simply didn’t have any motivation for coming up with anything more ominous; they were doing it just for kicks when they’d get bored of Doom and Duke Nukem :).

The mid-2000s saw big money hit the Internet, plus new technologies that connected everything from power plants to mp3 players. Professional cybercriminal groups also entered the stage seeking the big bucks the Internet could provide, while cyber-intelligence-services-cum-armies were attracted to it by the technological possibilities if offered. These groups had the motivation, means and know-how to create reeeaaaally complex malware and conduct reeeaaaally sophisticated attacks while remaining under the radar.

Around about this time… ‘antivirus died’: traditional methods of protection could no longer maintain sufficient levels of security. Then a cyber-arms race began – a modern take on the eternal model of power based on violence – either attacking using it or defending against its use. Cyberattacks became more selective/pinpointed in terms of targets chosen, more stealthy, and a lot more advanced.

In the meantime ‘basic’ AV (which by then was far from just AV) had evolved into complex, multi-component systems of multi-level protection, crammed full of all sorts of different protective technologies, while advanced corporate security systems had built up yet more formidable arsenals for controlling perimeters and detecting intrusions.

However, that approach, no matter how impressive on the face of it, had one small but critical drawback for large corporations: it did little to proactively detect the most professional targeted attacks – those that use unique malware using specific social engineering and zero-days. Malware that can stay unnoticed to security technologies.

I’m talking attacks carefully planned months if not years in advance by top experts backed by bottomless budgets and sometimes state financial support. Attacks like these can sometimes stay under the radar for many years; for example, the Equation operation we uncovered in 2014 had roots going back as far as 1996!

Banks, governments, critical infrastructure, manufacturing – tens of thousands of large organizations in various fields and with different forms of ownership (basically the basis of today’s world economy and order) – all of it turns out to be vulnerable to these super professional threats. And the demand for targets’ data, money and intellectual property is high and continually rising.

So what’s to be done? Just accept these modern day super threats as an inevitable part of modern life? Give up the fight against these targeted attacks?

No way.

Anything that can be attacked – no matter how sophisticatedly – can be protected to a great degree if you put serious time and effort and brains into that protection. There’ll never be 100% absolute protection, but there is such a thing as maximal protection, which makes attacks economically unfeasible to carry out: barriers so formidable that the aggressors decide to give up putting vast resources into getting through them, and instead go off and find some lesser protected victims. Of course there’ll be exceptions, especially when politically motivated attacks against certain victims are on the agenda; such attacks will be doggedly seen through to the end – a victorious end for the attacker; but that’s no reason to quit putting up a fight.

All righty. Historical context lesson over, now to that earlier mentioned sirloin…

…Just what the doctor ordered against advanced targeted attacks – our new Kaspersky Anti Targeted Attack platform (KATA).

So what exactly is this KATA, how does it work, and how much does it cost?

First, a bit on the anatomy of a targeted attack…

A targeted attack is always exclusive: tailor-made for a specific organization or individual.

The baddies behind a targeted attack start out by scrupulously gathering information on the targets right down to the most minor of details – for the success of an attack depends on the completeness of such a ‘dossier’ almost as much as the budget of the operation. All the targeted individuals are spied on and analyzed: their lifestyles, families, hobbies, and so on. How the corporate network is constructed is also studied carefully. And on the basis of all the information collected an attack strategy is selected.

Next, (i) the network is penetrated and remote (& undetected) access with maximum privileges is obtained. After that, (ii) the critical infrastructure nodes are compromised. And finally, (iii) ‘bombs away!’: the pilfering or destruction of data, the disruption of business processes, or whatever else might be the objective of the attack, plus the equally important covering one’s tracks so no one knows who’s responsible.

The motivation, the duration of the various prep-and-execution stages, the attack vectors, the penetration technologies, and the malware itself – all of it is very individual. But not matter how exclusive an attack gets, it will always have an Achilles’ heel. For an attack will always cause at least a few tiny noticeable happenings (network activity, certain behavior of files and other objects, etc.), anomalies being thrown up, and abnormal network activity. So seeing the bird’s-eye view big picture – in fact the whole picture formed from different sources around the network – makes it possible to detect a break-in.

To collect all the data about such anomalies and the creation of the big picture, KATA uses sensors – special ‘e-agents’ – which continuously analyze IP/web/email traffic plus events on workstations and servers.

For example, we intercept IP traffic (HTTP(s), FTP, DNS) using TAP/SPAN; the web sensor integrates with the proxy servers via ICAP; and the mail sensor is attached to the email servers via POP3(S). The agents are real lightweight (for Windows – around 15 megabytes), are compatible with other security software, and make hardly any impact at all on either network or endpoint resources.

All collected data (objects and metadata) are then transferred to the Analysis Center for processing using various methods (sandbox, AV scanning and adjustable YARA rules, checking file and URL reputations, vulnerability scanning, etc.) and archiving. It’s also possible to plug the system into our KSN cloud, or to keep things internal – with an internal copy of KpSN for better compliance.

Once the big picture is assembled, it’s time for the next stage! KATA reveals suspicious activity and can inform the admins and SIEM (Splunk, Qradar, ArcSight) about any unpleasantness detected. Even better – the longer the system works and the more data accumulates about the network, the more effective it is, since atypical behavior becomes easier to spot.

More details on how KATA works… here.

Ah yes; nearly forgot… how much does all this cost?

Well, there’s no simple answer to that one. The price of the service depends on dozens of factors, including the size and topology of the corporate network, how the solution is configured, and how many accompanying services are used. One thing is clear though: the cost pales into insignificance if compared with the potential damage it prevents.

The abracadabra of anonymous sources.

Who killed JFK?

Who’s controlling the Bermuda Triangle?

What’s the Freemasons’ objective?

Easy! For it turns out that answers to these questions couldn’t be more straightforward. All you have to do is add: ‘according to information from anonymous sources‘, and voila! — there’s your answer — to any question, about anything, or anyone. And the answers are all the more credible – not because of their… credibility – but because of the level of prestige commonly ascribed to the particular media outlet that broke the story.

Just recently, Reuters got a ‘world exclusive’ of jaw-dropping proportions in the antivirus world. The article, filled with sensational – false – allegations, claims Kaspersky Lab (KL), creates very specific, targeted malware, and distributes it anonymously to other anti-malware competitors, with the sole purpose of causing serious trouble for them and harming their market share. Oh yes. But they forgot to add that we conjure all this up during steamy banya sessions, after parking the bears we ride outside.

The Reuters story is based on information provided by anonymous former KL employees. And the accusations are complete nonsense, pure and simple.

Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous. Maybe these sources managed to impress the journalist, but in my view publishing such an ‘exclusive’ – WITHOUT A SHRED OF EVIDENCE – is not what I understand to be good journalism. I’m just curious to see what these ‘ex-employees’ tell the media next time about us, and who might believe their BS.

The reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction.

In 2012-2013, the anti-malware industry suffered badly because of serious problems with false positives. And unfortunately, we were among the companies badly affected. It turned out to be a coordinated attack on the industry: someone was spreading legitimate software laced with malicious code targeting specifically the antivirus engines of many companies, including KL. It remains a mystery who staged the attack, but now I’m being told it was me! I sure didn’t see that one coming, and am totally surprised by this baseless accusation!

Here’s how it happened: in November 2012 our products produced false positives on several files that were in fact legitimate. These were the Steam client, Mail.ru game center, and QQ client. An internal investigation showed that these incidents occurred as the result of a coordinated attack by an unknown third party.

For several months prior to the incidents, through intra-industry information-exchange channels such as the VirusTotal website, our anti-malware research lab repeatedly received numerous slightly modified legitimate files of Steam, Mail.ru and QQ. The creator(s) of these files added pieces of malicious code to them.

Later we came to the conclusion that the attackers might have had prior knowledge of how different companies’ detection algorithms work and injected the malicious code precisely in a place where auto systems would search for it.

These newly received modified files were evaluated as malicious and stored in our databases. In total, we received several dozen legitimate files containing malicious code.

False positives started to appear once the legitimate owners of the files released updated versions of their software. The system compared the files to the malware database – which contained very similar files – and deemed the legitimate files malicious. After that, we upgraded our detection algorithms to avoid such detections.

Meanwhile the attacks continued through 2013 and we continued to receive modified legitimate files. We also became aware that our company was not the only one targeted by this attack: other industry players received these files as well and mistakenly detected them.

In 2013 there was a closed-door meeting among leading cybersecurity and other software industry players that also suffered from the attack – as well as vendors that were not affected by the problem but were aware of it. During that meeting the participants exchanged information about the incidents, tried to figure out the reasons behind them, and worked on an action plan. Unfortunately no breakthrough occurred, though some interesting theories regarding attribution were expressed. In particular, the participants of the meeting considered that some other AV vendor could be behind the attack, or that the attack was an attempt by an unknown but powerful malicious actor to adjust its malware in order to avoid detection by key AV products.

Accusations such as these are nothing new. As far back as the late nineties I’d take with me to press conferences a placard with the word ‘No!’ on it. It saved me so much time. I’d just point to it when every third question was: “Do you write viruses yourselves, for your product to then ‘cure’ the infections?” Oh yeah. Sure. And still today I get asked the same all the time. Do they really think an 18+ year-old business built 100% on trust would be doing such things?

It seems some folks just prefer to presume guilt until innocence is proven. I guess there’ll always be folks like that. C’est la vie. But I really do hope that people will see through these anonymous, silly and groundless accusations… What I can say for sure is that we’ll continue working very closely with the industry to make the digital world safer, and that our commitment and resolve to expose cyberthreats regardless of their source or origin won’t waiver.

.@kaspersky rubbishes claims they poisoned competitors with false positivesTweet

Flickr photostream

Instagram photostream

Independent AV testing in 2014: interesting results!

At KL we’re always at it. Improving ourselves, that is. Our research, our development, our products, our partnerships, our… yes – all that. But for us all to keep improving – and in the right direction – we all need to work toward one overarching goal, or mission. Enter the mission statement…

Ours is saving the world from cyber-menaces of all types. But how well do we do this? After all, a lot, if not all AV vendors have similar mission statements. So what we and – more importantly – the user needs to know is precisely how well we perform in fulfilling our mission – compared to all the rest…

To do this, various metrics are used. And one of the most important is the expert testing of the quality of products and technologies by different independent testing labs. It’s simple really: the better the result on this or that – or all – criteria, the better our tech is at combatting cyber-disease – to objectively better save the world :).

Thing is, out of all the hundreds of tests by the many independent testing centers around the world, which should be used? I mean, how can all the data be sorted and refined to leave hard, meaningful – and easy to understand and compare – results? There’s also the problem of there being not only hundreds of testing labs but also hundreds of AV vendors so, again, how can it all be sieved – to remove the chaff from the wheat and to then compare just the best wheat? There’s one more problem (it’s actually not that complex, I promise – you’ll see:) – that of biased or selective test results, which don’t give the full picture – the stuff of advertising and marketing since year dot.

Well guess what. Some years back we devised the following simple formula for accessible, accurate, honest AV evaluation: the Top-3 Rating Matrix!.

So how’s it work?

First, we need to make sure we include the results of all well-known and respected, fully independent test labs in their comparative anti-malware protection investigations over the given period of time.

Second, we need to include all the different types of tests of the chosen key testers – and on all participating vendors.

Third, we need to take into account (i) the total number of tests in which each vendor took part; (ii) the % of ‘gold medals’; and (iii) the % of top-3 places.

What we get is simplicity, transparency, meaningful sifting, and no skewed ‘test marketing’ (alas, there is such a thing). Of course it would be possible to add into the matrix another, say, 25,000 parameters – just for that extra 0.025% of objectivity, but that would only be for the satisfaction of technological narcissists and other geek-nerds, and we’d definitely lose the average user… and maybe the not-so-average one too.

To summarize: we take a specific period, take into account all the tests of all the best test labs (on all the main vendors), and don’t miss a thing (like poor results in this or that test) – and that goes for KL of course too.

All righty. Theory over. Now let’s apply that methodology to the real world; specifically – the real world in 2014.

First, a few tech details and disclaimers for those of the geeky-nerdy persuasion:

  • Considered in 2014 were the comparative studies of eight independent testing labs (with: years of experience, the requisite technological set-up (I saw some for myself), outstanding industry coverage – both of the vendors and of the different protective technologies, and full membership of AMTSO) : AV-Comparatives, AV-Test, Anti-malware, Dennis Technology Labs, MRG EFFITAS, NSS Labs, PC Security Labs and Virus Bulletin. A detailed explanation of the methodology – in this video and in this document.
  • Only vendors taking part in 35% or more of the labs’ tests were taken into account. Otherwise it would be possible to get a ‘winner’ that did well in just a few tests, but which wouldn’t have done well consistently over many tests – if it had taken part in them (so here’s where we filter out the faux-test marketing).

Soooo… analyzing the results of the tests in 2014, we get……..

….Drums roll….

….mouths are cupped….

….breath is bated….

……..we get this!:

Independent testing 2014:  the results

Read on: Are all washing powder brands the same?…

Enter your email address to subscribe to this blog

Geography lesson.

Every day we release up to 2000 updates for our products.

Every week our users around the globe download those updates over a billion times.

Every month we distribute around four petabytes of updates.

These updates (together with our other technologies) protect you against new cyberthreats. In recent years we’ve been seeing new malware popping up not just every day or every hour, but every minute and even every second! Each year we analyze more than a billion samples of malicious code.

For the average user, receiving antivirus updates is a simple, automatic process. They run silently in the background without disturbing you (and quite right too). However, there’s a lot more to an update than first meets the eye. Updates are merely the tip of a sophisticated iceberg that connects our products to a huge distributed IT system that we built up ourselves using a whole bunch of original ideas and know-how.

That’s the overall scheme. The details get more interesting…

Kaspersky Internet Security Update

Read on: So what actually happens when you update your antivirus?…

The evolution of OS X malware.

Is there any (Mac) OS X-specific malware around?

Oh yes. But for some odd reason I haven’t said anything interesting on this topic for quite a while…

The last time was two and a half years ago. Yes, that’s how long it’s been since the global Flashback worm outbreak that infected 700 thousand Macs worldwide. The security industry made quite a bit of noise about it (and quickly disabled the Flashback botnet), but since then – mostly silence… It might seem to some that ever since there’s been a complete lull on the Mac-malware front and not one bit of iMalware has disturbed Apple Bay’s calm waters…

But they’d be wrong…

Mac malware is not amyth, they do exist

Sure, if you compare the threat levels of picking up some malware on different platforms, at the top of the table, by a long way, as ever, is the most widely used platform – Microsoft Windows. Quite a way behind it is Android – a relatively new kid on the block. Yep, over the past three years the cyber-vermin has been seriously bombarding the poor little green robot with exponentially increasing levels of malicious activity. Meanwhile, in the world of iPhones and iPads, except for very rare cyber-espionage attacks, there have been hardly any successful attacks thereon (despite using various exotic methods). It’s a similar story with Macs too – things are relatively peaceful compared to other platforms; but of late there have been… stirrings – about which I’ll be talking in this post.

Briefly, a few numbers – kinda like an executive summary:

  • The numbers of new for-Mac malware instances detected in the last few years are already in the thousands;
  • In the first eight months of 2014, 25 different ‘families’ of Mac malware were detected;
  • The likelihood of an unprotected Mac becoming infected by some Mac-specific-unpleasantness has increased to about three percent.
In 2013 alone @kaspersky detected ~1700 malware samples for OS XTweet

Read on: let’s dig deeper and look at the situation from a malware expert PoV…

Under the hood – 2015.

We’ve a tradition here at KL (besides the summer birthday bashesNew Year shindigs and the rest, that is). Every summer we launch new versions of our home products. Er, and it’s already the end of summer! (Eh? Where did that go?) So let me give you the highlights of the juiciest new features of our 2015 versions, or, to put it another way – about the latest sly tricks of the cyber-villains that we’ve successfully been busting with our new tech that’s winding its way into KL-2015s :).

All righty, off we go…

Kaspersky Internet Security 2015 - Main Window

What’s new in Kaspersky Internet Security 2015? @e_kaspersky reportsTweet

Read on: The all-seeing eye of Sauron. No more…

AVZ: Heuristics without false positives to combat future threats.

How can you locate and destroy ALL the maliciousness hiding in the sleeping jungles of your computer?

In particular, the extra nasty maliciousness that’s never ever been seen before, which also happens to have a mega-high malevolent-IQ (and is often state sponsored)?

Easy. The answer’s simple: you can’t.

Well, you can at least have a good go at it; but to find the proverbial black malware cat in a pitch black room you need a handful of top-notch pros to do the task manually: expensive. But to do it automatically with a boxed antivirus product – that’s a whole different matter altogether: you normally just get as far as getting on to the scent of super sophisticated infections, but that’s about it. That is, at least, using the old-school AV approach that uses classic antivirus signatures and file scanners.

So what’s the solution?

Again, simple: put some mega brains to hard work – to automate sophisticated-infection seek-and-destroy functions in an AV product.

Read on: So how we do that?…

Holy Java, not holey Java.

Woo-hoo! One more torpedo released by the cyber-delinquents against Microsoft Office has been thwarted by our cunningly tenacious cyber-protection.

Recently a new but fairly common-or-garden attack was discovered: When opening Word documents malicious code was unnoticeably injected into the computer. This wouldn’t have made it into the headlines but for one circumstance: this was a zero-day attack, i.e., one that used a previously unknown vulnerability in MS Office for which there weren’t any remedying patches, and which most antiviruses let slip through their nets. You guessed it – our AV grabbed it with its tightly thatched net in one fell swoop!

What happened was our Automatic Exploit Prevention (AEP) technology detected anomalous behavior and proactively blocked the corresponding attacks. No updates, no waiting, no messing. Zapped immediately.

Zero-days represent a real serious threat these days.

They need to be tackled head on with full force. However, many AVs are fairly useless against the future risk zero-days pose, as they work based mostly on signatures, with ‘protection from future threats’ only ‘provided’ on paper/the box (albeit very pretty paper/a very glossy box:). But of course! After all, genuine – effective! – protection from future threats requires whopping doses of both brain power and development resources. Not every vendor has the former, while even if a vendor has the latter – that doesn’t always clinch it. And this is sooooo not copyable tech we’re talking here…

Unlike what Buddha and new-agers say is a good idea for individuals, we’ve always believed that in IT security you can’t live for today – in the moment. IT Security needs to constantly look to the future and foresee what will be going on in the minds of the cyber-felons – before events occur. A bit like in Minority Report. That’s why ‘proactive’ was on our agenda as far back as the early 90s – back then we cut a dash from the rest of the IT Sec crowd by, among other things, developing heuristics and our emulator. Forward thinking runs in KL blood!

Since then the tech was reinvented, fine-tuned and souped-up, and then around two and a half years ago all the features for protection from exploitation of known and unknown vulnerabilities were all brought together under the umbrella of AEP. And just in time too. For with its help we’ve been able to proactively uncover a whole hodge-podge of targeted attacks, including Red October, MiniDuke and Icefog.

Then came a sudden surge of unhealthy interest in Oracle’s Java, but AEP was ready once again: it did its stuff in combatting all the unhealthiness. Leading AEP into battle was its Java2SW module – specially designed for detecting attacks via Java.

And it’s this module I’ll be telling you about here in the rest of this post.

The software landscape inside a typical computer is a bit like a very old patchwork quilt: loads of patches and as many holes! Vulnerabilities are regularly found in software (and the more popular the product, the more are found and more frequently) and the companies that make the software need to secure them by releasing patches…

…But No. 1: Software developers don’t release patches straight away; some sit on their hands for months!

But No. 2: Most users forget, or simply don’t care, about installing patches, and continue to work with holey software.

However No. 1: The vast majority of computers in the world have antivirus software installed!

So what’s to be done? Simple: Get Java2SW onto the stage. Why? Because it kills two birds with one stone in the Java domain.

Overall, from the standpoint of security Java architecture is rather advanced. Each program is executed in an isolated environment (JVM – Java Virtual Machine), under the supervision of a Security Manager. However, alas, Java became the victim of its own popularity – no matter how well protected the system was, soon enough (in direct proportion to its popularity) vulnerabilities were found. Vulnerabilities are always found sooner or later, and every software vendor needs to be prepared for that, in particular (i) by timely developing protective technologies, (ii) by being real quick in terms of reaction times, and (iii) by informing users how important updating with patches is.

Thing is, with regard to Java, Oracle didn’t make a great job of the just-mentioned prep. In fact they did such shoddy job of it that users en masse started to delete Java from their browsers – no matter how more cumbersome it made opening certain websites.

Judge for yourself: The number of vulnerabilities found in Java in 2010 – 52; in 2011 – 59; in 2012 – 60; in 2013 – 180 (and the year isn’t over yet)! While the number of attacks via vulnerabilities in Java grew in a similarly worrisome way:

Java attacks growing fast

Read on: So what’s so great about Java2SW?…

K-LOVE & KISSES 2014: REASONS TO BE CHEERFUL, PART 3.

“The person needs to be brought round to the idea that he has to part with his money. He needs to be morally disarmed, and his proprietary instincts need to be stifled.”

No, not Don Draper; this is a quote of Ostap Bender, a classic fictional hero from 1930s Russian literature. And no, there’s no relation to the other famous Bender!

Thus, it would appear that, curiously, Mr. Bender knew a thing or two about capitalism, despite being from a Communist country. Hmmm…

Anyway, what he knew is that it’s sometimes possible to make folks part with their hard-earned shekels if they are manipulated the right way – the folks, that is.

Fast-forward to today… and we find this kind of manipulation alive and well – in a modern, hi-tech, cyber kinda way: Today, folks gladly hand over their Benjamins to the crims behind blockers, aka ransomware, an especially sneaky form of computer malevolence. But have no fear, KL users: in the new version of KIS, we’ve got a nice surprise waiting for the blocking blockheads and their blockers.

Ransomware criminal market turnover made up more than $15 million, while the number of victims reached the tens of millions

The principle and tech behind blockers/ransomware are rather simple.

Using one of the various means available (for example, via a software vulnerability), a malicious program is sneaked into computer, which then displays an amusing (not) photo with scary (not – with KIS:) – text, and blocks the desktop and all other programs’ windows.

Unblocking is only possible (well, was possible – see below) by entering a unique code, which of course you can only get from the cyber-tricksters who infected the comp in the first place, and of course – for a fee, through premium SMS numbers or online payment systems. Until you pay the ransom, the comp remains kidnapped – no matter what you do (including Ctrl+Alt+Del), and no matter what programs you try to run (including antivirus); all you see is something like this:

ransomware1

The rise, the decline & the return of ransomware…

K-LOVE & KISSES 2014 – PART 2: ALPHA, BETA, ZETA.

Welcome back folks!

What else new and interesting is to be found under the hood of KIS 2014, missioned to save your data from the cyber-swine? Today’s guest star is ZETA Shield technology.

ZETA Shield I think might be best described as a high-tech antivirus microscope for the detection and elimination of the most cunning of malware, which hides deep in the bowels of the inner recesses of complicated files. In short, this is our unique defense technology against future threats, one which can track down unknown cyber-contagion in the most unexpected places.

To understand the concept better, let’s take a set of traditional Russian dolls.

Antivirus should unpack the nested essence of malware like a Russian doll. But it’s not quite as simple as just that.

Open one and you find another inside, and nested inside that one – another, and so on and so on. And in terms of where troublesome programs hide, this is a pretty good analogy. Malware tries its hardest to embed itself into the very essence of its surroundings, and even uses digital ‘plastic surgery’ to change its appearance and hide from antivirus programs. It puts itself into archives, crypto-containers, multimedia files, office documents, scripts etc., etc. – the possibilities are endless. The task of the antivirus program is to delve into the actual essence of all these different objects, probe the interior, and extract the malware.

So that’s it? Well… no, it’s not quite as simple as just that.

Antivirus programs have long been able to take apart complicated files. For example, ever since the early 90s other companies have been licensing our antivirus engine in particular because of its ability to unpack archived and packed files. But unpacking is only half the job. You need an instrument that’s clever enough to not only take apart complicated files but that can also analyze these ‘Russian dolls’, understand what’s doing what in there, build connections between different events, and finally diagnose; importantly, to do that proactively – without classic signatures and updates. It’s a bit like the detective work that goes into locating potential binary weapons. Such weapons are made up of individual components which on their own are harmless, but when mixed create a deadly weapon.

And this is where ZETA Shield comes in.

And just in time too, as the number and perversity of both targeted and zero-day attacks are on the up and up. These are the very things ZETA is designed to deal with (ZETA = Zero-day Exploits & Targeted Attacks).

zeta_shield_logo

More: KIS 2014 can withstand serious assaults from tomorrow’s malware. Now you too…