System information
34 Kaspersky Internet Security 2009
TYPE
NAME
DESCRIPTION
Client-SMTP
SMTP clients
These programs send e-mail
messages and hide this activity.
Intruders install them on the users'
computers to send spam using users'
identities.
WebToolbar
Web toolbars
These programs add their own
search toolbars to other applications'
toolbars.
FraudTool
Fraud programs
These programs camouflage as other
real programs. For example,
fraudulent anti-virus programs display
messages about detecting malware
programs, but they do not find or
disinfect anything.
METHODS OF DETECTING INFECTED,
SUSPICIOUS AND POTENTIALLY DANGEROUS
OBJECTS BY THE APPLICATION
Kaspersky Internet Security detects malware programs in objects using two
methods: reactive (using databases) and proactive (using heuristic analysis).
The application’s databases contain records that are used to identify any of the
hundreds of thousands known threats in scanned objects. These records contain
information both about the control sections of the malware programs' code, and
algorithms for disinfecting the objects containing these programs. Kaspersky
Lab's anti-virus analysts analyze hundreds of new malware programs on a daily
basis, create records that identify them and include them in updates to the
database files.
If, in a scanned object, Kaspersky Internet Security detects sections of code that
fully match the control code sections of a malware program based on a database
record, it sets the object’s status to infected: if there is a partial match, the status
is set to suspicious.
Using the proactive method, the application can detect new malicious programs
which are not yet listed in the database.