Abstract: In a computer system, processing of security-related tasks is delegated to various agent computers. According to various embodiments, a distributed computing service obtains task requests to be performed for the benefit of beneficiary computers, and delegates those tasks to one or more remote agent computers for processing. The delegation is based on a suitability determination as to whether each of the remote agent computers is suitable to perform the processing. Suitability can be based on an evaluation of such parameters as computing capacity and current availability of the remote agent computers against the various tasks to be performed and their corresponding computing resource requirements. This evaluation can be performed according to various embodiments by the agent computers, the distributed computing service, or by a combination thereof.

Abstract: A system, method and computer program product for detection of the previously unknown malware, the method comprising: (a) receiving event information and file metadata from a remote computer; (b) identifying whether the event information or the file metadata are indicative of the already known malware presence, indicative of the unknown malware presence, or indicative of malware absence; (c) if the event information or the file metadata are indicative of the known malware or indicative of malware absence, filtering out the event information and the file metadata; (d) performing a risk analysis and risk assessment for the remaining event information and the remaining file metadata to determine if the event and the file metadata are indicative of the previously unknown malware presence; and (e) where performing a risk analysis and risk assessment includes a “parent-child” hierarchy of the files, and the risk assessed to the parent is based on the risk associated with the child.

Abstract: The present disclosure relates generally to the field of computer security and, in particular, to systems for detecting unknown malware. A method comprises generating genes for known malicious and clean objects; analyzing object genes using different malware analysis methods; computing a level of successful detection of malicious objects by one or a combination of malware analysis methods based on analysis of genes of the known malicious objects; computing a level of false positive detections of malicious objects by one or a combination of malware analysis methods based on analysis of genes of known clean objects; measuring effectiveness of each one or the combination of malware analysis methods as a function of the level of successful detections and the level of false positive detections; and selecting one or a combination of the most effective malware analysis methods for analyzing unknown object for malware.

Abstract: In a computer system, processing of security-related tasks is delegated to various agent computers. According to various embodiments, a distributed computing service obtains task requests to be performed for the benefit of beneficiary computers, and delegates those tasks to one or more remote agent computers for processing. The delegation is based on a suitability determination as to whether each of the remote agent computers is suitable to perform the processing. Suitability can be based on an evaluation of such parameters as computing capacity and current availability of the remote agent computers against the various tasks to be performed and their corresponding computing resource requirements. This evaluation can be performed according to various embodiments by the agent computers, the distributed computing service, or by a combination thereof.

Abstract: The present disclosure relates generally to the field of computer security and, in particular, to systems for detecting unknown malware. A method comprises generating genes for known malicious and dean objects; analyzing object genes using different malware analysis methods; computing a level of successful detection of malicious objects by one or a combination of malware analysis methods based on analysis of genes of the known malicious objects; computing a level of false positive detections of malicious objects by one or a combination of malware analysis methods based on analysis of genes of known clean objects; measuring effectiveness of each one or the combination of malware analysis methods as a function of the level of successful detections and the level of fake positive detections; and selecting one or a combination of the most effective malware analysis methods for analyzing unknown object for malware.

Abstract: A system, method and computer program product for detection of the previously unknown malware, the method comprising: (a) receiving event information and file metadata from a remote computer; (b) identifying whether the event information or the file metadata are indicative of the already known malware presence, indicative of the unknown malware presence, or indicative of malware absence; (c) if the event information or the file metadata are indicative of the known malware or indicative of malware absence, filtering out the event information and the file metadata; (d) performing a risk analysis and risk assessment for the remaining event information and the remaining file metadata to determine if the event and the file metadata are indicative of the previously unknown malware presence; and (e) where performing a risk analysis and risk assessment includes a “parent-child” hierarchy of the files, and the risk assessed to the parent is based on the risk associated with the child.

Abstract: A system, method and computer program product for detection of epidemics caused by malware programs or computer viruses. Detection of local and global epidemics is performed automatically. A source of an epidemic is calculated and analyzed based on collected statistics. A spread of the epidemic is predicted and an accurate prognosis referring to the time frame and to geographical areas of the epidemic spread is made. The prognosis is made based on a calculated value of “connection strength” coefficient. The connection strength coefficient reflects a volume of information exchange (i.e., a number and a quality of connection channels) between the countries. An epidemic is detected in its infancy and its spread is monitored in time and propagation across different countries. Then, effective security and protection measures can be invoked in a timely manner.