OREANDA-NEWS. Kaspersky Lab has patented a new technology to reveal malicious files that can be hidden from the detection of security software products. The patent is titled, “System and Method for Detecting Harmful Files Executable on a Virtual Stack Machine.”

The new technology is included in Kaspersky Internet Security and Kaspersky Total Security products, allowing the security solutions to uncover malicious files trying to hide themselves with different re-packing methods.

Last year, the number of Adobe Flash Player exploits significantly increased. Malicious files created for this platform can be hidden by re-packing malicious files or embedding “trash” instructions into them. In some cases, the exploit is re-packed for each different user meaning each victim is hit with a unique malicious file. As a result, the process of detection by traditional methods (such as signature or heuristics analysis) is hampered. The new patented technology was developed to make detection of such malware easier.

Kaspersky Lab’s experts created a universal hash-sum representing a check-sum which is calculated based on the byte-code of the analyzed malicious files, detecting the whole group of malicious files at once. This approach allows malicious files to be detected, regardless of the way used to protect the analyzed file from being detected by the security product. At this stage, the patented technology is aimed at the detection of malicious files created by .NET and ActionScript frameworks.

“This kind of hash-sum referring not only to a certain file but group of files is very useful, because it can be easily integrated into automatic detection systems and allows detection of numerous objects with a single record, said Alexander Liskin, Heuristic Detection Group Manager at Kaspersky Lab, and co-author of this technology. “In the long term, such hash-sums can be created for other types of malicious files that use virtual stack machines.”

“It is worth mentioning that applying these hash-sums has achieved great results in the field of detection of SWF exploits, which are the most popular type at the moment,” said Anton Ivanov, Senior Malware Analyst at Kaspersky Lab, and co-author of this technology. “Due to the implementation of such a technology service for SWF exploits, auto-detecting has also been put into operation.”

 Kaspersky Lab currently has over 450 patents.