WO2002033525A3 - A method and system for detecting rogue software - Google Patents

A method and system for detecting rogue software Download PDF

Info

Publication number
WO2002033525A3
WO2002033525A3 PCT/SG2001/000213 SG0100213W WO0233525A3 WO 2002033525 A3 WO2002033525 A3 WO 2002033525A3 SG 0100213 W SG0100213 W SG 0100213W WO 0233525 A3 WO0233525 A3 WO 0233525A3
Authority
WO
WIPO (PCT)
Prior art keywords
fingerprints
calculated
files
rogue software
computer system
Prior art date
Application number
PCT/SG2001/000213
Other languages
French (fr)
Other versions
WO2002033525A2 (en
Inventor
Shyne-Song Chuang
Original Assignee
Shyne-Song Chuang
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shyne-Song Chuang filed Critical Shyne-Song Chuang
Priority to US10/399,540 priority Critical patent/US20040039921A1/en
Priority to AU2001296205A priority patent/AU2001296205A1/en
Publication of WO2002033525A2 publication Critical patent/WO2002033525A2/en
Publication of WO2002033525A3 publication Critical patent/WO2002033525A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity

Abstract

A method of detecting rogue software includes the step of creating a first database containing pre-calculated fingerprints for each file relating to typical operating systems and application software, wherein the pre-calculated fingerprints are calculated using one or more cryptographic formulae. The one or more cryptographic formulae are then used to calculate fingerprints of files on a computer system which is to be scanned for rogue software. The fingerprints calculated for the files on the computer system are compared with the fingerprints which are contained in the first database of pre-calculated fingerprints. Files on the computer system which may contain rogue software are identified by identifying files the calculated fingerprints of which do not correspond to the pre-calculated fingerprints which are stored in the first database.
PCT/SG2001/000213 2000-10-17 2001-10-17 A method and system for detecting rogue software WO2002033525A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10/399,540 US20040039921A1 (en) 2000-10-17 2001-10-17 Method and system for detecting rogue software
AU2001296205A AU2001296205A1 (en) 2000-10-17 2001-10-17 A method and system for detecting rogue software

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG200005973 2000-10-17
SG200005973-3 2000-10-17

Publications (2)

Publication Number Publication Date
WO2002033525A2 WO2002033525A2 (en) 2002-04-25
WO2002033525A3 true WO2002033525A3 (en) 2003-03-06

Family

ID=20430680

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2001/000213 WO2002033525A2 (en) 2000-10-17 2001-10-17 A method and system for detecting rogue software

Country Status (3)

Country Link
US (1) US20040039921A1 (en)
AU (1) AU2001296205A1 (en)
WO (1) WO2002033525A2 (en)

Families Citing this family (100)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8347086B2 (en) * 2000-12-18 2013-01-01 Citibank, N.A. System and method for automatically detecting and then self-repairing corrupt, modified of non-existent files via a communication medium
WO2002093334A2 (en) * 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
GB0121497D0 (en) * 2001-09-05 2001-10-24 Cryptic Software Ltd Network security
GB0212318D0 (en) 2002-05-28 2002-07-10 Symbian Ltd Tamper evident removable media storing executable code
US7349345B1 (en) * 2002-05-31 2008-03-25 Sprint Communications Company L.P. Method and apparatus for testing communications between a network edge device and a customer premises device
US7367056B1 (en) 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
GB2391965B (en) 2002-08-14 2005-11-30 Messagelabs Ltd Method of, and system for, heuristically detecting viruses in executable code
US7337471B2 (en) * 2002-10-07 2008-02-26 Symantec Corporation Selective detection of malicious computer code
US7260847B2 (en) * 2002-10-24 2007-08-21 Symantec Corporation Antivirus scanning in a hard-linked environment
EP1420323A1 (en) * 2002-11-18 2004-05-19 Koninklijke KPN N.V. Method and system for distribution of software components
US7318092B2 (en) * 2003-01-23 2008-01-08 Computer Associates Think, Inc. Method and apparatus for remote discovery of software applications in a networked environment
US20040158546A1 (en) * 2003-02-06 2004-08-12 Sobel William E. Integrity checking for software downloaded from untrusted sources
US7293290B2 (en) * 2003-02-06 2007-11-06 Symantec Corporation Dynamic detection of computer worms
US7246227B2 (en) * 2003-02-10 2007-07-17 Symantec Corporation Efficient scanning of stream based data
US7308578B2 (en) * 2003-03-06 2007-12-11 International Business Machines Corporation Method and apparatus for authorizing execution for applications in a data processing system
US7546638B2 (en) 2003-03-18 2009-06-09 Symantec Corporation Automated identification and clean-up of malicious computer code
GB2400932B (en) * 2003-04-25 2005-12-14 Messagelabs Ltd A method of,and system for,heuristically determining that an unknown file is harmless by using traffic heuristics
GB2400933B (en) * 2003-04-25 2006-11-22 Messagelabs Ltd A method of, and system for, heuristically detecting viruses in executable code by detecting files which have been maliciously altered
EP1634136A1 (en) 2003-05-13 2006-03-15 International Business Machines Corporation System for real-time healing of vital computer files
US7739278B1 (en) 2003-08-22 2010-06-15 Symantec Corporation Source independent file attribute tracking
JP4174392B2 (en) * 2003-08-28 2008-10-29 日本電気株式会社 Network unauthorized connection prevention system and network unauthorized connection prevention device
US20050091658A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Operating system resource protection
US20050091535A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Application identity for software products
US7761569B2 (en) * 2004-01-23 2010-07-20 Tiversa, Inc. Method for monitoring and providing information over a peer to peer network
US8156175B2 (en) * 2004-01-23 2012-04-10 Tiversa Inc. System and method for searching for specific types of people or information on a peer-to-peer network
BRPI0400265A (en) * 2004-03-10 2006-02-07 Legitimi Ltd Requesting device hardware and software subscription-based information service access control system
US7130981B1 (en) 2004-04-06 2006-10-31 Symantec Corporation Signature driven cache extension for stream based scanning
US8239946B2 (en) * 2004-04-22 2012-08-07 Ca, Inc. Methods and systems for computer security
WO2005114414A1 (en) * 2004-04-22 2005-12-01 Computer Associates Think, Inc. Methods and systems for computer security
US7861304B1 (en) 2004-05-07 2010-12-28 Symantec Corporation Pattern matching using embedded functions
US7627898B2 (en) * 2004-07-23 2009-12-01 Microsoft Corporation Method and system for detecting infection of an operating system
GB2416956B (en) * 2004-07-29 2007-09-19 Nec Technologies Method of testing integrity of a mobile radio communications device and related apparatus
US7712135B2 (en) * 2004-08-05 2010-05-04 Savant Protection, Inc. Pre-emptive anti-virus protection of computing systems
EP1643336A1 (en) * 2004-09-30 2006-04-05 Siemens Aktiengesellschaft Clear product identification
US7697520B2 (en) * 2005-04-12 2010-04-13 Tiversa, Inc. System for identifying the presence of Peer-to-Peer network software applications
US9178940B2 (en) * 2005-04-12 2015-11-03 Tiversa Ip, Inc. System and method for detecting peer-to-peer network software
USRE47628E1 (en) 2005-04-12 2019-10-01 Kroll Information Assurance, Llc System for identifying the presence of peer-to-peer network software applications
FR2887385B1 (en) * 2005-06-15 2007-10-05 Advestigo Sa METHOD AND SYSTEM FOR REPORTING AND FILTERING MULTIMEDIA INFORMATION ON A NETWORK
US7895654B1 (en) 2005-06-27 2011-02-22 Symantec Corporation Efficient file scanning using secure listing of file modification times
US7975303B1 (en) 2005-06-27 2011-07-05 Symantec Corporation Efficient file scanning using input-output hints
GB0513375D0 (en) 2005-06-30 2005-08-03 Retento Ltd Computer security
US7874001B2 (en) * 2005-07-15 2011-01-18 Microsoft Corporation Detecting user-mode rootkits
US20070028291A1 (en) * 2005-07-29 2007-02-01 Bit 9, Inc. Parametric content control in a network security system
US8984636B2 (en) * 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US7895651B2 (en) * 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8272058B2 (en) * 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US8479174B2 (en) * 2006-04-05 2013-07-02 Prevx Limited Method, computer program and computer for analyzing an executable computer file
US20070289016A1 (en) * 2006-06-13 2007-12-13 Sanjay Pradhan Bi-modular system and method for detecting and removing harmful files using signature scanning
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
CN101137160B (en) * 2006-09-01 2010-04-21 华为技术有限公司 Method and system to detect tracing state and tracing proxy, tracking control server
WO2008057508A2 (en) * 2006-11-07 2008-05-15 Tiversa, Inc. System and method for peer-to-peer compensation
EP2082326A4 (en) * 2006-11-07 2012-02-15 Tiversa Inc System and method for enhanced experience with a peer to peer network
CN101622849B (en) * 2007-02-02 2014-06-11 网圣公司 System and method for adding context to prevent data leakage over a computer network
IL181426A (en) * 2007-02-19 2011-06-30 Deutsche Telekom Ag Automatic extraction of signatures for malware
JP5174888B2 (en) * 2007-04-12 2013-04-03 タイヴァーサ・インコーポレーテッド System and method for creating shared information list of peer-to-peer network related applications
JP5539863B2 (en) * 2007-06-11 2014-07-02 タイヴァーサ・インコーポレーテッド System and method for advertising on a P2P network
US7886049B2 (en) * 2007-12-21 2011-02-08 Architecture Technology Corporation Extensible software tool for investigating peer-to-peer usage on a target device
US9076342B2 (en) 2008-02-19 2015-07-07 Architecture Technology Corporation Automated execution and evaluation of network-based training exercises
US9015842B2 (en) 2008-03-19 2015-04-21 Websense, Inc. Method and system for protection against information stealing software
US8407784B2 (en) * 2008-03-19 2013-03-26 Websense, Inc. Method and system for protection against information stealing software
US9130986B2 (en) 2008-03-19 2015-09-08 Websense, Inc. Method and system for protection against information stealing software
US8800048B2 (en) * 2008-05-20 2014-08-05 Microsoft Corporation Software protection through interdependent parameter cloud constrained software execution
KR100996855B1 (en) * 2008-08-29 2010-11-26 주식회사 안철수연구소 System and method for servicing normal file database
US20100064048A1 (en) * 2008-09-05 2010-03-11 Hoggan Stuart A Firmware/software validation
GB2463467B (en) * 2008-09-11 2013-03-06 F Secure Oyj Malware detection method and apparatus
GB2469308B (en) * 2009-04-08 2014-02-19 F Secure Oyj Disinfecting a file system
US9130972B2 (en) * 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
US8863279B2 (en) * 2010-03-08 2014-10-14 Raytheon Company System and method for malware detection
US8819827B1 (en) * 2010-11-10 2014-08-26 Open Invention Network, Llc Method and apparatus of performing data executable integrity verification
US10067787B2 (en) 2011-02-10 2018-09-04 Architecture Technology Corporation Configurable forensic investigative tool
US10057298B2 (en) 2011-02-10 2018-08-21 Architecture Technology Corporation Configurable investigative tool
US8726387B2 (en) * 2011-02-11 2014-05-13 F-Secure Corporation Detecting a trojan horse
US10574630B2 (en) 2011-02-15 2020-02-25 Webroot Inc. Methods and apparatus for malware threat research
US8438532B2 (en) 2011-04-19 2013-05-07 Sonatype, Inc. Method and system for scoring a software artifact for a user
US8612936B2 (en) 2011-06-02 2013-12-17 Sonatype, Inc. System and method for recommending software artifacts
US8732831B2 (en) 2011-07-14 2014-05-20 AVG Netherlands B.V. Detection of rogue software applications
US8627270B2 (en) 2011-09-13 2014-01-07 Sonatype, Inc. Method and system for monitoring a software artifact
US8473894B2 (en) 2011-09-13 2013-06-25 Sonatype, Inc. Method and system for monitoring metadata related to software artifacts
US9141378B2 (en) 2011-09-15 2015-09-22 Sonatype, Inc. Method and system for evaluating a software artifact based on issue tracking and source control information
US8656343B2 (en) 2012-02-09 2014-02-18 Sonatype, Inc. System and method of providing real-time updates related to in-use artifacts in a software development environment
US9349011B2 (en) * 2012-05-16 2016-05-24 Fisher-Rosemount Systems, Inc. Methods and apparatus to identify a degradation of integrity of a process control system
US8825689B2 (en) * 2012-05-21 2014-09-02 Sonatype, Inc. Method and system for matching unknown software component to known software component
US9141408B2 (en) 2012-07-20 2015-09-22 Sonatype, Inc. Method and system for correcting portion of software application
US9396349B1 (en) * 2012-11-02 2016-07-19 Emc Corporation Method and apparatus for sharing data from a secured environment
US9241259B2 (en) 2012-11-30 2016-01-19 Websense, Inc. Method and apparatus for managing the transfer of sensitive information to mobile devices
US9135263B2 (en) 2013-01-18 2015-09-15 Sonatype, Inc. Method and system that routes requests for electronic files
CN103905423B (en) * 2013-12-25 2017-08-11 武汉安天信息技术有限责任公司 A kind of harmful advertising member detection method and system analyzed based on dynamic behaviour
US9854029B1 (en) * 2014-11-04 2017-12-26 Amazon Technologies, Inc. Systems for determining improper assignments in statistical hypothesis testing
US10083624B2 (en) 2015-07-28 2018-09-25 Architecture Technology Corporation Real-time monitoring of network-based training exercises
US10803766B1 (en) 2015-07-28 2020-10-13 Architecture Technology Corporation Modular training of network-based training exercises
US9971594B2 (en) 2016-08-16 2018-05-15 Sonatype, Inc. Method and system for authoritative name analysis of true origin of a file
US10749890B1 (en) 2018-06-19 2020-08-18 Architecture Technology Corporation Systems and methods for improving the ranking and prioritization of attack-related events
US10817604B1 (en) 2018-06-19 2020-10-27 Architecture Technology Corporation Systems and methods for processing source codes to detect non-malicious faults
US11258789B2 (en) 2018-12-04 2022-02-22 Forcepoint Llc System and method for fingerprint validation
US11429713B1 (en) 2019-01-24 2022-08-30 Architecture Technology Corporation Artificial intelligence modeling for cyber-attack simulation protocols
US11128654B1 (en) 2019-02-04 2021-09-21 Architecture Technology Corporation Systems and methods for unified hierarchical cybersecurity
US11887505B1 (en) 2019-04-24 2024-01-30 Architecture Technology Corporation System for deploying and monitoring network-based training exercises
US11403405B1 (en) 2019-06-27 2022-08-02 Architecture Technology Corporation Portable vulnerability identification tool for embedded non-IP devices
US11444974B1 (en) 2019-10-23 2022-09-13 Architecture Technology Corporation Systems and methods for cyber-physical threat modeling
US11503075B1 (en) 2020-01-14 2022-11-15 Architecture Technology Corporation Systems and methods for continuous compliance of nodes

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6021491A (en) * 1996-11-27 2000-02-01 Sun Microsystems, Inc. Digital signatures for data streams and data archives
WO2000028420A1 (en) * 1998-11-09 2000-05-18 Symantec Corporation Antivirus accelerator for computer networks

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5050212A (en) * 1990-06-20 1991-09-17 Apple Computer, Inc. Method and apparatus for verifying the integrity of a file stored separately from a computer
US6122738A (en) * 1998-01-22 2000-09-19 Symantec Corporation Computer file integrity verification

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6021491A (en) * 1996-11-27 2000-02-01 Sun Microsystems, Inc. Digital signatures for data streams and data archives
WO2000028420A1 (en) * 1998-11-09 2000-05-18 Symantec Corporation Antivirus accelerator for computer networks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"MECHANISM FOR TRUSTED COMPUTING BASE DEFINITION AND CHECKING", IBM TECHNICAL DISCLOSURE BULLETIN, IBM CORP. NEW YORK, US, vol. 34, no. 9, 1 February 1992 (1992-02-01), pages 188 - 191, XP000300643, ISSN: 0018-8689 *
WILLIAMS R N: "DATA INTEGRITY WITH VERACITY", INTERNET, 12 September 1994 (1994-09-12), XP002096828, Retrieved from the Internet <URL:ftp://ftp.rocksoft.com/clients/rocksoft/papers/vercty10.ps> [retrieved on 19940912] *

Also Published As

Publication number Publication date
AU2001296205A1 (en) 2002-04-29
US20040039921A1 (en) 2004-02-26
WO2002033525A2 (en) 2002-04-25

Similar Documents

Publication Publication Date Title
WO2002033525A3 (en) A method and system for detecting rogue software
WO2001065371A3 (en) Method and system for updating an archive of a computer file
SG140612A1 (en) Secure electronic delivery seal for information handling system
EP1253502A3 (en) Trusted computer system
WO2004086171A3 (en) Methods and apparatus for facilitating a transaction
WO2001069455A3 (en) A system and method for analyzing a query and generating results and related questions
EP0837383A3 (en) Method and apparatus for data verification
JP2002506248A5 (en)
WO2006012317A3 (en) Methods and systems for indexing files and adding associated metadata to index and metadata databases based upon the power state of a data processing device
EP0919942A3 (en) Database relationship analysis and strategy implementation tool
IL164502A0 (en) System and method for detecting malicious code
WO2004051444A3 (en) Providing a secure execution mode in a pre-boot environment
WO2005060484A3 (en) Generic token-based authentication system
WO2004051585A3 (en) Identity authentication system and method
ATE435466T1 (en) VIRUS DETECTION SYSTEM
SG142159A1 (en) Index structure of metadata, method for providing indices of metadata, and metadata searching method and apparatus using the indices of metadata
WO2005003920A3 (en) Method and system for augmenting web content
WO2004114075A3 (en) Method, system, and apparatus for identification number authentication
WO2005047862A3 (en) Apparatus method and medium for identifying files using n-gram distribution of data
MXPA05007150A (en) Policy engine and methods and systems for protecting data.
WO2000023863A3 (en) Determining differences between two or more metadata models
SG142156A1 (en) Index structure of metadata, method for providing indices of metadata, and metadata searching method and apparatus using the indices of metadata
WO2002022223A3 (en) Transaction signature
WO2003054747A3 (en) Method and apparatus for managing components in an it system
EP1189128A3 (en) Secure system and method for accessing files in computers using fingerprints

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 10399540

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP