
WO2008017950A3 - System and method for protecting a computer from malware (malicious software) in an executable file based on removal criteria - Google Patents


Publication number
WO2008017950A3
Authority
WO
WIPO (PCT)
Prior art keywords
executable file
computer
malware
protecting
file based
Prior art date
Application number
PCT/IB2007/002320
Other languages
French (fr)
Other versions
WO2008017950A2 (en)
Inventor
Nadathur S. Baskar
Original Assignee
Rudra Technologies Pte Ltd.
Priority date
Filing date
Publication date
Application filed by Rudra Technologies Pte Ltd.
Publication of WO2008017950A2
Publication of WO2008017950A3

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568: Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101: Auditing as a secondary aspect
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

A system and accompanying method of identifying and removing malware on a computer system based on removal criteria. A detection module identifies an executable file that tampers with critical files on the computer, or that arrives through email and attempts to access an address book or to send or receive data through the internet. If the attempted process meets a removal criterion, then the executable file is removed.

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US83734306P 2006-08-10 2006-08-10
US83734406P 2006-08-10 2006-08-10
US83714006P 2006-08-10 2006-08-10
US60/837,140 2006-08-10
US60/837,343 2006-08-10
US60/837,344 2006-08-10

Publications (2)

Publication Number Publication Date
WO2008017950A2 (en) 2008-02-14
WO2008017950A3 (en) 2009-08-27

Family

ID=39033339

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/002320 WO2008017950A2 (en) 2006-08-10 2007-08-10 System and method for protecting a computer from malware (malicious software) in an executable file based on removal criteria

Country Status (1)

Country Link
WO (1) WO2008017950A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8281398B2 (en) * 2009-01-06 2012-10-02 Microsoft Corporation Reordering document content to avoid exploits
US9275225B2 (en) 2013-03-15 2016-03-01 Intel Corporation Linear address mapping protection
AU2017283818A1 (en) * 2016-06-16 2019-03-28 Beestripe Llc Method for identifying and removing malicious software

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040034794A1 (en) * 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US20040199827A1 (en) * 2003-04-01 2004-10-07 Muttik Igor Garrievich Malware detection uswing external core characteristics
US7013483B2 (en) * 2003-01-03 2006-03-14 Aladdin Knowledge Systems Ltd. Method for emulating an executable code in order to detect maliciousness
US20060075490A1 (en) * 2004-10-01 2006-04-06 Boney Matthew L System and method for actively operating malware to generate a definition
WO2006047163A2 (en) * 2004-10-26 2006-05-04 Priderock, L.L.C. System and method for identifying and removing malware on a computer system

Also Published As

Publication number Publication date
WO2008017950A2 (en) 2008-02-14

Similar Documents

Publication Publication Date Title
EP3420489B1 (en) Cybersecurity systems and techniques
EP1959367B1 (en) Automatic extraction of signatures for Malware
AU2012347793B2 (en) Detecting malware using stored patterns
US7934261B1 (en) On-demand cleanup system
WO2008092031A3 (en) Computer system architecture having isolated file system management for secure and reliable data processing
US20150047034A1 (en) Composite analysis of executable content across enterprise network
US9239922B1 (en) Document exploit detection using baseline comparison
WO2006121572A3 (en) System and method for scanning obfuscated files for pestware
US20110173698A1 (en) Mitigating false positives in malware detection
EP1751649B1 (en) Systems and method for computer security
CN109983464B (en) Detecting malicious scripts
RU2008142138A (en) PROTECTION AGAINST USE OF VULNERABILITY OF THE SOFTWARE
CA2674327C (en) Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor
WO2006110921A3 (en) System and method for scanning memory for pestware offset signatures
WO2007131105A8 (en) A method and system for spam, virus, and spyware scanning in a data network
WO2017211839A1 (en) Virus detection technologies benchmarking
US20060080737A1 (en) System and method for reducing virus scan time
WO2014044187A2 (en) A method and device for checking and removing computer viruses
CN106529299A (en) Method for detecting and repairing malicious software Rootkit in linux system
WO2008017950A3 (en) System and method for protecting a computer from malware (malicious software) in an executable file based on removal criteria
JP6297425B2 (en) Attack code detection apparatus, attack code detection method, and program
US8925088B1 (en) Method and apparatus for automatically excluding false positives from detection as malware
CN111083307A (en) File detection and cracking method based on steganography
JP6169497B2 (en) Connection destination information determination device, connection destination information determination method, and program
US20170171224A1 (en) Method and System for Determining Initial Execution of an Attack

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (FORM 1205A DATED 11.09.2009)

122 Ep: pct application non-entry in european phase

Ref document number: 07789626

Country of ref document: EP

Kind code of ref document: A2