Abstract: Disclosed are system and method for building statistical models of malicious elements of web pages. One exemplary method comprises: obtaining, by a control server, data about malicious elements of web pages; transforming, by the control server, the obtained data into at least one N-dimensional vector; creating, by the control server, at least one cluster based on elements of the at least one N-dimensional vector; and building, by the control server, the statistical model of the malicious elements of the web page based on the created at least one cluster.

Abstract: Disclosed are system and method for building statistical models of malicious elements of web pages. One exemplary method comprises: obtaining, by a control server, data about malicious elements of web pages; transforming, by the control server, the obtained data into at least one N-dimensional vector; creating, by the control server, at least one cluster based on elements of the at least one N-dimensional vector; and building, by the control server, the statistical model of the malicious elements of the web page based on the created at least one cluster.

Abstract: Disclosed are system and method for detecting anomalous or malicious elements of a web page. One exemplary method comprises: obtaining data about elements of a tested web page; generating at least one N-dimensional vector characterizing elements of the tested web page; retrieving a statistical model of known malicious web page elements; comparing the at least one N-dimensional vector with clusters of the statistical model of known malicious web page elements, by measuring the distance of the N-dimensional vector of the element and centers of all clusters of the statistical model; and identifying at least one malicious element of the tested web page based on results of the comparison.

Abstract: Disclosed are system and method for detecting anomalous elements of web pages. One exemplary method comprises: obtaining access to a web site, by a client computing device, by requesting a web page associated with the web site via a web server; executing the web page by the client computing device to gather data relating to the web page; determining at least one N-dimensional vector based at least on the gathered data; creating at least one cluster comprising a set of values of coordinates of vectors for at least one element of the web page in N-dimensional space based on the at least one N-dimensional vector; creating a statistical model of the web page based on the at least one cluster; and using the statistical model for detecting anomalous elements of the web page.

Abstract: Disclosed are systems and methods for performing an antivirus scan of a web page by an antivirus system. The system includes an antivirus server and a client module executed by a web browser application. The disclosed technique includes detecting text in markup language of a web page being opened, generating text set in the markup language of the web page, determining a capacity of a communications channel between the client module and the antivirus server, and determining a productivity reserve of the antivirus server. The antivirus server may select a speed of dispatching information from the client module to the antivirus server and performs the antivirus scan of the generated text set in markup language of the web page being opened using a portion of the determined productivity reserve that is allocated based on the selected information dispatching speed.

Abstract: Disclosed are system and method for detecting anomalous or malicious elements of a web page. One exemplary method comprises: obtaining data about elements of a tested web page; generating at least one N-dimensional vector characterizing elements of the tested web page; retrieving a statistical model of known malicious web page elements; comparing the at least one N-dimensional vector with clusters of the statistical model of known malicious web page elements, by measuring the distance of the N-dimensional vector of the element and centers of all clusters of the statistical model; and identifying at least one malicious element of the tested web page based on results of the comparison.

Abstract: Disclosed are system and method for detecting anomalous elements of web pages. One exemplary method comprises: obtaining access to a web site, by a client computing device, by requesting a web page associated with the web site via a web server; executing the web page by the client computing device to gather data relating to the web page; determining at least one N-dimensional vector based at least on the gathered data; creating at least one cluster comprising a set of values of coordinates of vectors for at least one element of the web page in N-dimensional space based on the at least one N-dimensional vector; creating a statistical model of the web page based on the at least one cluster; and using the statistical model for detecting anomalous elements of the web page.

Abstract: Disclosed are system and method for identifying suspicious user behavior during a user's interaction with various banking services. One exemplary method comprises: receiving information relating to user's interaction with two or more banking services from at least two computing devices used by a user for interacting through a user account with each banking service; receiving an identifier of each computing device; determining a model of user behavior based at least on received information and identifers; calculating a probability of fraud based at least on the model of user behavior; determining and forming patterns of suspicious user behavior; and determining whether a current user activity in interacting with at least one banking services is suspicious based at least upon the patterns.