Abstract: A method and system is provided for detecting malicious files on a virtual machine in a distributed network. An example method includes, receiving, by a thin client operating on the virtual machine, data relating to characteristics of computing resources of servers in the distributed network with each server being able to scan files to detect malicious files. The method for includes obtaining a on the virtual machine, identifying and selecting, using the data relating to characteristics of the computing resources, one of the servers to perform the scan of the file on the virtual machine, and transmitting to the selected server the file for scanning.

Abstract: Disclosed are systems and methods for controlling execution of programs on a computer. An exemplary method includes detecting an unknown program installed on a computer; identifying undesirable actions performed by the unknown program on the computer, wherein the undesirable actions include at least one of: actions performed by the program without knowledge of a user, actions for accessing personal user data on the computer, and actions effecting user's working with other programs or operating system of the computer determining whether the unknown program is undesirable or not based on the identified undesirable actions of the program; when the unknown program is determined be undesirable, prompting the user to select whether to allow or prohibit execution of the undesirable program on the computer; and when the unknown program is determined not to be undesirable, allowing execution of the unknown program on the computer.

Abstract: Disclosed are systems and methods for counteracting unauthorized access to microphone data. An example method include storing, in a data buffer, audio data received from an audio endpoint device, installing, a software driver associated with the audio session, where the software driver prevents access to the audio data by unauthorized software applications, and receiving process identifier data from a software application requesting to access the audio data stored in the data buffer. Furthermore, the method includes determining whether the application requesting access to the audio data is an unauthorized software application and controlling the software driver to prevent access to the audio data by the determined unauthorized software application.

Abstract: Disclosed are systems and method for generating a set of antivirus records to be used for detection of malicious files on a user's devices. An exemplary method includes maintaining, by a server, a database of malicious files; generating, by the server, at least one antivirus record for each malicious file; calculating an effectiveness of each antivirus record by determining how many different malicious files were detected using each antivirus record; generating a set of most effective antivirus records; and transmitting, by the server, the set of most effective antivirus records to a client device.

Abstract: Disclosed are exemplary aspects of systems and methods for blocking execution of scripts. An exemplary method comprises: intercepting a request for a script from a client to a server; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client.

Abstract: Disclose are system, method and computer program product for detection of malware on a user's computing device. An exemplary method comprises: detecting, by an antivirus application executing of the user's computing device, that an antivirus record is activated on the computing device for detecting a maliciousness of a software object, the antivirus record having a selected status indicator indicating at least one of: a working record, a test record, or an inactive record; in response to detecting the antivirus record having working or test status, checking, by the antivirus application, for a correction of the antivirus record with an antivirus server, wherein said correction includes a change in the status of the antivirus record; in response to receiving from the antivirus server the correction of the antivirus record, using by the antivirus application said correction for processing of the software object.

Abstract: Disclosed are systems, methods and computer program products for encryption of user data for storage on a remote network server. In one aspect, an example method includes collecting, by a software client, one or more sets of user authentication data from a user device; performing user authentication using one or more sets of user authentication data; when user authentication is successful, calculating a hash of at least one set of the user authentication data; generating an encryption key from the hash of the user authentication data; encrypting the user data using the generated encryption key; and transmitting the encrypted user data to the remote network server for storage.

Abstract: Disclosed is a system and method for restoring modified data. An example method includes intercepting, by an activity tracking module, a request from a program to modify data; determining, by an analysis module, parameters of the intercepted request; generating, by the analysis module, a request to generate a backup copy of the data based on at least one of the determined parameters of the intercepted request; and generating and storing, by a backup module, the backup copy of the data in an electronic database.

Abstract: Disclosed are system and method for distributing antivirus records to user devices. An exemplary method includes collecting, by a server, statistics on the use of antivirus records; calculating a coefficient of effectiveness of each antivirus record based on the statistics; identifying one or more most effective antivirus records whose coefficients of effectiveness exceed a predetermined effectiveness threshold; identifying one or more less effective antivirus records whose coefficients of effectiveness do not exceed the predetermined effectiveness threshold; transmitting identified most effective antivirus records to a plurality of user devices for storage in antivirus databases of the user devices; receiving, from the user devices, one or more less effective antivirus records removed from the antivirus databases of the user devices; and storing the received less effective antivirus records in an antivirus database of the server if said antivirus records were not in the antivirus database of the server.

Abstract: Disclosed are systems and method for encrypted transmission of web pages. One exemplary method comprises: receiving, by a proxy server, a web page requested by a user device; analyzing, by a hardware processor of the proxy server, the received web page to identify code of elements of the web page; selecting one or more identified elements of the web page for encryption; encrypting, by the hardware processor, the code of the one or more selected elements; generating, by the hardware processor, a script containing the encrypted code of the one or more selected elements; modifying the web page, by the hardware processor, by replacing in the web page the code of the one or more selected elements with the script containing the encrypted code of said one or more selected elements; and transmitting, by the proxy server, the modified web page to the user device.

Abstract: Disclosed are system, method and computer program product for detecting malicious files on mobile devices. An example method includes: analyzing a file to identify classes and methods contained in said classes; identifying a bytecode array for each identified method; determining instructions contained in each method by identifying a corresponding operation code from the bytecode array of each method; dividing the determined instructions for each method into a plurality of groups based on similarity of functionality among said instructions; forming a vector for each method on the basis of the results of the division of the instructions into the plurality of groups; comparing the formed vectors with a plurality of vectors of known malicious files to determine a degree of similarity between the compared vectors; and determining whether the analyzed file is malicious or clean based on the degree of similarity between the compared vectors.

Abstract: Disclosed are systems and methods for protecting electronic money transactions from fraud and malware. An exemplary method include scanning a computer to detect software objects associated with electronic money that includes at least one of a wallet configured to store electronic money, an electronic money generating application, and data including an interaction history with an electronic exchange for electronic money; identifying and adjusting electronic money security modules configured to provide data security to the detected software objects associated with the electronic money; and executing, by the adjusted electronic money security modules, at least one electronic money transaction involving the electronic money. In one aspect, the electronic money security modules include a wallet protection module, a malware detection module, and a traffic control module.

Abstract: Disclosed are systems and methods for controlling access to data on mobile devices using an accessibility API for users with disabilities.

Abstract: Disclosed are systems and methods for enabling secure execution of code in hypervisor mode. An exemplary method comprises: loading a hypervisor configured to check integrity of protected virtual memory pages; loading a trusted program configured to make hypercalls to the hypervisor; making by the trusted program a first hypercall to the hypervisor; responsive to the first hypercall, generating by the hypervisor a token, which is used by the hypervisor to identify the trusted program during subsequent hypercalls; allocating a memory page for storing the token and a memory address of the hypervisor; and returning the allocated memory page address to the trusted program.

Abstract: Disclosed are systems, methods and computer program products for automating installation of applications. In one aspect, the system launches an application installer of a software application; identifies control elements in an active window of the application installer, wherein the control elements include at least user interface (UI) elements responsible for transitioning the active window to another window of the application installer; transitions to other windows of the application installer and identifies control elements in all other windows of the application installer until the application is installed; generates an automatic installation rule for the application that automatically activates one or more windows of the application installer and one or more control elements of said window to install the application without a participation of a user.

Abstract: Disclosed are systems and methods for controlling access to applications of a mobile device. An example method includes collecting, by a controlled shell of an OS of the mobile device, information about an application of the user device; determining a category designation of the application based on the collected information; determining, by the controlled shell, whether the category designation of the application complies with one or more rules of a usage policy of the mobile device; blocking user access to the application if it is determined that a rule exists prohibiting use of applications in the designated category or if no rule exists permitting use of the applications in the designated category; and permitting user access to the application if it is determined that a rule exists allowing use of applications in the designated category or if no rule exists prohibiting use of the applications in the designated category.

Abstract: Disclosed are exemplary aspects of systems and methods for detection of phishing scripts. An exemplary method comprises: generating a bytecode of a script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and hash sums in one or more groups of hash sums of known phishing scripts; identifying at least one group of hash sums that contains a hash sum whose degree of similarity with the hash sum of the bytecode is within a threshold; determining a coefficient of compactness of the identified group of hash sums and a coefficient of trust of the identified group of hash sums; and determining whether the script is a phishing script based on the degree of similarity, the coefficient of compactness and the coefficient of trust.

Abstract: The present disclosure pertains to data security, and more specifically, to a method and system of user authentication using an electronic digital signature of the user. An exemplary method includes obtaining biometric data of the user, calculating a biometric key based on the biometric data, identifying encrypted confidential information of the user in an electronic database and decrypting the identified confidential information of the user using the calculated biometric key. Furthermore, the method includes calculating a cryptographic key using a first portion of the decrypted confidential information of the user; generating an electronic digital signature of the user based on the cryptographic key; verifying the electronic digital signature using a second portion of the decrypted confidential information; and authenticating the user to access the data if the electronic digital signature is verified.

Abstract: Disclosed is a system and method for controlling access of a native image of a machine code to resources of an operating system of a device. An example method includes obtaining the native image of the machine code; identifying a parent assembly from which the native image was created; determining and forming a correspondence between the native image and the parent assembly based at least upon a template; in response to detecting an update to the native image, generating an updated image of the native image; determining whether there is a correspondence between the updated image of the native image and the parent assembly based at least upon the template; and in response to detecting no correspondence between the updated image of the native image and the parent assembly, restricting an access of the updated image of the native image to the resources of the operating system of the device.

Abstract: Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies.