Rootkit - a malicious program that uses various techniques to conceal its code and activity from detection and to resist remediation attempts by antivirus software. Anti-Rootkit technology, part of Kaspersky Lab’s multi-layered, next-generation protection, detects active infection by rootkit programs and remediates systems infected in this way.
In most cases a rootkit includes a driver (or a chain of drivers), runs in kernel mode, and performs some or all of the following functionality:
Malware writers want their malicious code to keep running on a targeted host for long periods, even when antivirus software is running. To achieve this they use various techniques to hamper detection and remediation of the active infection, relying on both documented and undocumented operating system mechanisms. Rootkits are known to use interception (hooking) in user mode and in kernel mode, direct manipulation of kernel objects (DKOM), techniques for bypassing filter drivers and callback functions, and so on. To persist on the victim system, a rootkit needs to start executing at an early stage of the operating system boot, so it infects boot sectors such as the Primary Boot Record (PBR) and the Volume Boot Record (VBR). A rootkit with such functionality is called a bootkit.
Kaspersky Lab’s Anti-rootkit technologies
This complicated multi-module protection technology implements two approaches for detection and neutralisation of active infection: exact and generic*.
Exact approach: the detection and neutralisation procedures target particular rootkit techniques, such as concealing presence or counteracting remediation by antivirus. This approach allows protection against a rootkit within a short period of time, covering current outbreaks while buying time to develop a more generic approach.
Generic approach: Anti-Rootkit scans active processes, system modules, memory and AutoRun objects, and exposes the malware code to the other antivirus components, such as the emulator, the AV engine, static heuristics, and behavior-based heuristics backed by an ML model. If any of the listed components triggers a detection, Anti-Rootkit disinfects the system.
Anti-rootkit consists of the following components:
*Kaspersky Lab products utilize both of these approaches.
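As an added illustration of the generic approach (example code, not Kaspersky's own): the cross-view check below, written for Linux rather than the Windows drivers discussed above, compares the process list that a hookable directory listing reports with what the kernel admits when every PID is probed directly; a process present in the second view but absent from the first is the presence concealment this page describes. The function names and the use of /proc are this example's own assumptions.

```python
import os

def list_pids_from_proc():
    """View 1: PIDs as the /proc directory listing reports them. A user-mode
    readdir() hook or a kernel hook that filters /proc can hide entries here."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def tgid_of(pid):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            return next(int(l.split()[1]) for l in fh if l.startswith("Tgid:"))
    except (OSError, StopIteration):
        return None

def probe_pids(max_pid):
    """View 2: ask the kernel about every PID directly with kill(pid, 0).
    ESRCH means no such task; EPERM means it exists but belongs to another user."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        # kill() also answers for thread IDs, so keep only thread-group leaders.
        # A task with no readable /proc entry at all is kept too: that is
        # exactly what a hidden process looks like.
        if tgid_of(pid) in (pid, None):
            alive.add(pid)
    return alive

def cross_view_diff(listed_before, probed, listed_after):
    """PIDs that answer a direct probe but appear in neither directory listing.
    Listing before and after the probe discards processes that merely started
    during the scan; what remains is the classic hidden-process indicator."""
    return sorted(probed - (listed_before | listed_after))

def scan_live(max_pid=None):
    """Run the check on the local Linux host (assumes /proc is mounted)."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    before = list_pids_from_proc()
    probed = probe_pids(max_pid)
    after = list_pids_from_proc()
    return cross_view_diff(before, probed, after)
```

A non-empty result from scan_live() is only an indicator: confirm it by inspecting the PID through an independent view (for example, memory or network-connection tables) before treating the host as compromised.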