Monday, February 11, 2013
New technology for counteracting bootkits
Special malicious programs that load before the operating system and the antivirus software (called bootkits) represent one of the most serious threats to a computer.
They are often able to hide their presence on the machine and operate unnoticed, not only by the user but also by the security software. A new technology can detect the traces left by a bootkit's activity and counter it effectively.
A Kaspersky Lab patent describes a method for detecting unknown malicious programs by emulating the boot process. When suspicious changes are found in the MBR (Master Boot Record), the technology collects data from the disk sectors involved in booting, places them in a special container that preserves the physical parameters of the disk so that it can be emulated exactly, and then transmits the container to Kaspersky Lab for analysis.
The company's specialists reproduce the boot process of the user's computer and analyze the contents of the received container. If an unknown threat is detected, they create the appropriate signatures, extract the original MBR from the submitted data in order to restore the system, and take the other measures needed to neutralize the bootkit.
In addition, the patented technology can effectively prevent attempts to overwrite the MBR by intercepting all calls to it and scanning the hard disk using signatures of known threats. In the event of suspicious activity, the technology blocks access to the MBR, and any malicious file or data found is deleted or sent to quarantine. Thus, the Kaspersky Lab technology can not only quickly and efficiently clean a bootkit-infected computer, but also prevent future reinfection.
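As an added illustration of the detection step described above (this is example code, not Kaspersky Lab's patented implementation), the following Python sketch parses an MBR, gathers the sectors involved in booting into a container that records the disk parameters, and flags changes against a trusted baseline. The three-sector disk image it works on is constructed inline and is not real data.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446          # 446 bytes of bootstrap code precede the partition table
BOOT_SIG = b"\x55\xAA"        # an MBR ends with this 2-byte signature at offset 510

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR into a bootstrap-code hash, partition list and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        # entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:                 # type 0 means an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:PART_TABLE_OFF]).hexdigest(),
            "partitions": parts, "signature_ok": sector[510:] == BOOT_SIG}

def boot_sectors_container(disk: bytes) -> dict:
    """Collect the boot-relevant sectors (MBR plus the first sector of the active partition)
    together with the disk parameters an emulator needs to replay the boot."""
    mbr = disk[:SECTOR]
    sectors = {0: mbr}
    for p in parse_mbr(mbr)["partitions"]:
        if p["bootable"]:
            sectors[p["lba_start"]] = disk[p["lba_start"] * SECTOR:(p["lba_start"] + 1) * SECTOR]
    return {"sector_size": SECTOR, "total_sectors": len(disk) // SECTOR, "sectors": sectors}

def mbr_changed(baseline: dict, current: dict) -> list:
    """Compare a parsed MBR against a trusted baseline and list what differs."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code modified")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table modified")
    return findings

def build_sample_disk(bootstrap_fill: bytes = b"\x90") -> bytes:
    """Constructed 3-sector sample disk (not real data): MBR, empty sector, VBR at LBA 2."""
    code = b"\xEB\xFE" + bootstrap_fill * (PART_TABLE_OFF - 2)             # 'jmp $' then filler
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 2, 1) + b"\x00" * 48      # one bootable entry
    vbr = b"VBR".ljust(SECTOR - 2, b"\x00") + BOOT_SIG
    return code + table + BOOT_SIG + b"\x00" * SECTOR + vbr
```

Passing a different `bootstrap_fill` to `build_sample_disk` simulates an overwritten bootstrap area, which `mbr_changed` reports while an unchanged partition table stays silent.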
The technology has already been successfully applied in a number of Kaspersky Lab products, including Kaspersky Internet Security, Kaspersky Endpoint Security 8 for Windows and Kaspersky CRYSTAL.
This unique bootkit detection technology has been used for more than a year in many Kaspersky Lab consumer and enterprise products, where it has helped to improve the quality of protection. Its effectiveness against bootkits has been confirmed by numerous tests of hidden-malware detection and removal organized by the AV-Test laboratory.