Abstract: A method for protecting subscriber data includes intercepting network traffic associated with a call. The network traffic includes call parameters and call stream data. A first set of the call parameters is analyzed. A first probability value of the call being declared as unwanted is determined. The call stream data is analyzed to define a second set of call parameters. The first set of call parameters is reanalyzed based on the second set. A second probability value of the call being declared as unwanted is determined. A determination is made if the second probability value exceeds a second threshold value. The call is declared as unwanted, in response to determining that the second probability value exceeds the second threshold. The first and second sets of call parameters are transmitted to an application configured to protect data of a protected subscriber.

Abstract: Disclosed herein are methods and systems for detecting a source of malicious activity in a computer system. An exemplary method comprises gathering information related to the objects of the computer system, forming a graph based on the information gathered on the objects, selecting at least two induced subgraphs (hereinafter, subgraph) from the resulting graph, determining the coefficient of harmfulness for each selected subgraph, the coefficient of harmfulness representing a numerical characteristic describing the strength of the relations between the vertices of that subgraph, determining, from the selected subgraphs, a subgraph whose coefficient of harmfulness is a minimum among the determined coefficients of harmfulness of the subgraphs, and the total coefficient of harmfulness of the subgraphs related to that subgraph is a maximum, identifying the object correlated with at least one vertex of the determined subgraph as a source of the malicious activity in the computer system.

Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.

Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.

Abstract: Disclosed herein are methods and systems for detecting a source of malicious activity in a computer system. An exemplary method comprises gathering information related to the objects of the computer system, forming a graph based on the information gathered on the objects, selecting at least two induced subgraphs (hereinafter, subgraph) from the resulting graph, determining the coefficient of harmfulness for each selected subgraph, the coefficient of harmfulness representing a numerical characteristic describing the strength of the relations between the vertices of that subgraph, determining, from the selected subgraphs, a subgraph whose coefficient of harmfulness is a minimum among the determined coefficients of harmfulness of the subgraphs, and the total coefficient of harmfulness of the subgraphs related to that subgraph is a maximum, identifying the object correlated with at least one vertex of the determined subgraph as a source of the malicious activity in the computer system.

Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.

Abstract: Online transaction security is improved by detecting a start of an online financial transaction between a user-controlled online transaction application and a remote payment service. A protected data input module, a protected environment module, and a safe data transfer module each provides a corresponding set of protection operations. A risk level of conducting the financial transaction is assessed based on a vulnerability assessment and on present condition of the local computing system. An initial degree of protection for each of the modules is set, and subsequently adjusted based on the risk level.

Abstract: System and method for detecting malicious activity in a computer network that includes hosts and connectors between the hosts. Network pathways to a plurality of investigated hosts are explored. A graph is formed based on results of the exploring of the network pathways. The graph represents topology of explored portions of the computer network, including connectors (e.g., communication links) between the investigated hosts and intermediary hosts situated along explored pathways that include the investigated hosts, and an indication of a prevalence of connectors in pathways to each of the investigated hosts. The prevalence of connectors along pathways to each of the investigated hosts is compared against a threshold, and any suspicious host situated along pathways to a common investigated host that is associated with a connector having a low prevalence that is below the prevalence threshold is identified. An access restriction can be associated with the suspicious host.

Abstract: Disclosed are some aspects of systems and methods for providing security for online transactions. An example method includes determining, at a security service, that an online transaction related to a payment service has been initiated at a computer by a user of the computer, collecting first information from the computer and second information from the payment service, and determining, based on the collected information, whether the online transaction is suspicious These aspects further include, when the online transaction is determined to be suspicious, determining whether a malicious program can be identified on the computer and when the malicious program is identified, performing corresponding remedial actions with respect to the detected malicious program.

Abstract: Disclosed are some aspects of systems and methods for providing security for online transactions. An example method includes determining, at a security service, that an online transaction related to a payment service has been initiated at a computer by a user of the computer, collecting first information from the computer and second information from the payment service, and determining, based on the collected information, whether the online transaction is suspicious. These aspects further include, when the online transaction is determined to be suspicious, determining whether a malicious program can be identified on the computer and when the malicious program is identified, performing corresponding remedial actions with respect to the detected malicious program.

Abstract: Online transaction security is improved by detecting a start of an online financial transaction between a user-controlled online transaction application and a remote payment service. A protected data input module, a protected environment module, and a safe data transfer module each provides a corresponding set of protection operations. A risk level of conducting the financial transaction is assessed based on a vulnerability assessment and on present condition of the local computing system. An initial degree of protection for each of the modules is set, and subsequently adjusted based on the risk level.

Abstract: Disclosed a portable personal security device and methods for secure communication. In one example, the personal security device may wirelessly connect to a user device and collect information about the user device. The personal security device may then assess security characteristics of the user device based on the collected information. When the user device is determined to be unsecure, the personal security devices may instruct the user to use a secure internet application of the personal security device instead of an unsecure internet application of the user device. In addition, the personal security device may instruct the user to use a secure data input device of the personal security device instead of an unsecure data input device of the user device. The personal security device then receives via the secure data input device a user input data for the secure internet application, and transmit it to the user device.

Abstract: System and method for detecting malicious activity in a computer network that includes hosts and connectors between the hosts. Network pathways to a plurality of investigated hosts are explored. A graph is formed based on results of the exploring of the network pathways. The graph represents topology of explored portions of the computer network, including connectors (e.g., communication links) between the investigated hosts and intermediary hosts situated along explored pathways that include the investigated hosts, and an indication of a prevalence of connectors in pathways to each of the investigated hosts. The prevalence of connectors along pathways to each of the investigated hosts is compared against a threshold, and any suspicious host situated along pathways to a common investigated host that is associated with a connector having a low prevalence that is below the prevalence threshold is identified. An access restriction can be associated with the suspicious host.

Abstract: Disclosed are systems, methods and computer program products for detecting computer malware. In one example, a security server receives information about a suspicious software object detected by a client computer using one or more malware detection methods. The server identifies the malware detection methods used to detect the suspicious object, and selects one or more different malware detection methods to check whether the suspicious object is malicious or clean. The server analyzes the suspicious object using the selected one or more different malware analysis methods to check whether the object is malicious or clean. If the object is determined to be malicious, the server generates and sends to the client computer detection instructions specific to the one or more malware detection methods used by the client computer for detecting and blocking the malicious object on the client computer.

Abstract: Disclosed a portable personal security device and methods for secure communication. In one example, the personal security device may wirelessly connect to a user device and collect information about the user device. The personal security device may then assess security characteristics of the user device based on the collected information. When the user device is determined to be unsecure, the personal security devices may instruct the user to use a secure internet application of the personal security device instead of an unsecure internet application of the user device. In addition, the personal security device may instruct the user to use a secure data input device of the personal security device instead of an unsecure data input device of the user device. The personal security device then receives via the secure data input device a user input data for the secure internet application, and transmit it to the user device.

Abstract: Disclosed a portable security device and methods for secure user authentication. The security device stores operating system agents that enable communication with user devices that have different operating systems. The security device also stores user authentication data for accessing different Internet resources by the user devices. The security devices connects to the user device using an operating system agent corresponding to the operating system of the user device, and receives from the user device a request to access an Internet resource. The security device select user authentication data associated with the requested Internet resource, and obtains the requested Internet resource using the selected user authentication data.

Abstract: System and methods for restricting accessibility to harmful content on a computer network. Network pathways are explored to study a plurality of investigated hosts from a plurality of diverse entry points into the computer network. The investigated hosts are checked whether they are malicious hosts believed to contain harmful content. For any of the investigated hosts that are malicious hosts, intermediary hosts having connectors to those malicious hosts are identified based on the exploring of the network pathways. An access restriction is associated with each of the intermediary hosts, which can be used to block or otherwise restrict access to the intermediary hosts, which may or may not themselves contain malicious content.

Abstract: Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

Abstract: Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

Abstract: Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.