WO2007124416A3 - Backwards researching activity indicative of pestware - Google Patents
Backwards researching activity indicative of pestware Download PDFInfo
- Publication number
- WO2007124416A3 WO2007124416A3 PCT/US2007/067076 US2007067076W WO2007124416A3 WO 2007124416 A3 WO2007124416 A3 WO 2007124416A3 US 2007067076 W US2007067076 W US 2007067076W WO 2007124416 A3 WO2007124416 A3 WO 2007124416A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- pestware
- researching
- backwards
- activity
- activity indicative
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
A system and method for researching an identity of a source of activity that is indicative of pestware is described. In one embodiment the method comprises monitoring the computer for activity that is indicative of pestware, identifying, based upon the activity, an object residing on the computer that is a suspected pestware object; and accessing at least a portion of a recorded history of sources that the computer received files from so as to identify a reference to an identity of a particular source that the suspected pestware object originated from.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/408,146 US8201243B2 (en) | 2006-04-20 | 2006-04-20 | Backwards researching activity indicative of pestware |
US11/408,146 | 2006-04-20 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007124416A2 WO2007124416A2 (en) | 2007-11-01 |
WO2007124416A3 true WO2007124416A3 (en) | 2007-12-21 |
Family
ID=38596640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/067076 WO2007124416A2 (en) | 2006-04-20 | 2007-04-20 | Backwards researching activity indicative of pestware |
Country Status (2)
Country | Link |
---|---|
US (2) | US8201243B2 (en) |
WO (1) | WO2007124416A2 (en) |
Families Citing this family (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7480683B2 (en) | 2004-10-01 | 2009-01-20 | Webroot Software, Inc. | System and method for heuristic analysis to identify pestware |
US20070016951A1 (en) * | 2005-07-13 | 2007-01-18 | Piccard Paul L | Systems and methods for identifying sources of malware |
US8181244B2 (en) | 2006-04-20 | 2012-05-15 | Webroot Inc. | Backward researching time stamped events to find an origin of pestware |
US8190868B2 (en) | 2006-08-07 | 2012-05-29 | Webroot Inc. | Malware management through kernel detection |
US8713513B2 (en) * | 2006-12-13 | 2014-04-29 | Infosys Limited | Evaluating programmer efficiency in maintaining software systems |
US20090094459A1 (en) * | 2007-10-09 | 2009-04-09 | Schneider Jerome L | Method and system for associating one or more pestware-related indications with a file on a computer-readable storage medium of a computer |
US8650648B2 (en) | 2008-03-26 | 2014-02-11 | Sophos Limited | Method and system for detecting restricted content associated with retrieved content |
US8521732B2 (en) * | 2008-05-23 | 2013-08-27 | Solera Networks, Inc. | Presentation of an extracted artifact based on an indexing technique |
US8625642B2 (en) | 2008-05-23 | 2014-01-07 | Solera Networks, Inc. | Method and apparatus of network artifact indentification and extraction |
US8607345B1 (en) * | 2008-12-16 | 2013-12-10 | Trend Micro Incorporated | Method and apparatus for generic malware downloader detection and prevention |
US11489857B2 (en) | 2009-04-21 | 2022-11-01 | Webroot Inc. | System and method for developing a risk profile for an internet resource |
US9390263B2 (en) | 2010-03-31 | 2016-07-12 | Sophos Limited | Use of an application controller to monitor and control software file and application environments |
US8849991B2 (en) | 2010-12-15 | 2014-09-30 | Blue Coat Systems, Inc. | System and method for hypertext transfer protocol layered reconstruction |
US8666985B2 (en) | 2011-03-16 | 2014-03-04 | Solera Networks, Inc. | Hardware accelerated application-based pattern matching for real time classification and recording of network traffic |
US9043903B2 (en) | 2012-06-08 | 2015-05-26 | Crowdstrike, Inc. | Kernel-level security agent |
US9292881B2 (en) | 2012-06-29 | 2016-03-22 | Crowdstrike, Inc. | Social sharing of security information in a group |
US20140074603A1 (en) * | 2012-09-11 | 2014-03-13 | Millmobile Bv | Consumer advertisement targeting platform system |
GB2505529B (en) * | 2012-11-08 | 2014-07-30 | F Secure Corp | Protecting a user from a compromised web resource |
JP6590481B2 (en) * | 2012-12-07 | 2019-10-16 | キヤノン電子株式会社 | Virus intrusion route specifying device, virus intrusion route specifying method and program |
US10409980B2 (en) | 2012-12-27 | 2019-09-10 | Crowdstrike, Inc. | Real-time representation of security-relevant system state |
CN104717616A (en) * | 2013-12-13 | 2015-06-17 | 腾讯科技(深圳)有限公司 | Push message management method and device |
US20150222646A1 (en) | 2014-01-31 | 2015-08-06 | Crowdstrike, Inc. | Tagging Security-Relevant System Objects |
US10289405B2 (en) | 2014-03-20 | 2019-05-14 | Crowdstrike, Inc. | Integrity assurance and rebootless updating during runtime |
US9917851B2 (en) | 2014-04-28 | 2018-03-13 | Sophos Limited | Intrusion detection using a heartbeat |
US10122753B2 (en) | 2014-04-28 | 2018-11-06 | Sophos Limited | Using reputation to avoid false malware detections |
US9798882B2 (en) | 2014-06-06 | 2017-10-24 | Crowdstrike, Inc. | Real-time model of states of monitored devices |
US10050935B2 (en) | 2014-07-09 | 2018-08-14 | Shape Security, Inc. | Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction |
US9258274B2 (en) | 2014-07-09 | 2016-02-09 | Shape Security, Inc. | Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs |
US9729506B2 (en) * | 2014-08-22 | 2017-08-08 | Shape Security, Inc. | Application programming interface wall |
US9800602B2 (en) | 2014-09-30 | 2017-10-24 | Shape Security, Inc. | Automated hardening of web page content |
WO2016072310A1 (en) | 2014-11-05 | 2016-05-12 | キヤノン電子株式会社 | Specification device, control method thereof, and program |
WO2016097757A1 (en) | 2014-12-18 | 2016-06-23 | Sophos Limited | A method and system for network access control based on traffic monitoring and vulnerability detection using process related information |
US10339303B2 (en) | 2015-01-22 | 2019-07-02 | Mcafee, Llc | Detection of malicious invocation of application program interface calls |
US10339316B2 (en) | 2015-07-28 | 2019-07-02 | Crowdstrike, Inc. | Integrity assurance through early loading in the boot phase |
US9928366B2 (en) | 2016-04-15 | 2018-03-27 | Sophos Limited | Endpoint malware detection using an event graph |
GB2566657B8 (en) | 2016-06-30 | 2022-04-13 | Sophos Ltd | Proactive network security using a health heartbeat |
GB2555517B (en) | 2016-08-03 | 2022-05-11 | Sophos Ltd | Mitigation of return-oriented programming attacks |
US10387228B2 (en) | 2017-02-21 | 2019-08-20 | Crowdstrike, Inc. | Symmetric bridge component for communications between kernel mode and user mode |
KR101954623B1 (en) * | 2017-02-27 | 2019-03-06 | 한국전자통신연구원 | Apparatus and method for updating software on the virtualized environment |
US10997303B2 (en) | 2017-09-12 | 2021-05-04 | Sophos Limited | Managing untyped network traffic flows |
US10740459B2 (en) | 2017-12-28 | 2020-08-11 | Crowdstrike, Inc. | Kernel- and user-level cooperative security processing |
US10841333B2 (en) | 2018-01-08 | 2020-11-17 | Sophos Limited | Malware detection using machine learning |
US11616758B2 (en) | 2018-04-04 | 2023-03-28 | Sophos Limited | Network device for securing endpoints in a heterogeneous enterprise network |
US11288385B2 (en) | 2018-04-13 | 2022-03-29 | Sophos Limited | Chain of custody for enterprise documents |
US11552962B2 (en) | 2018-08-31 | 2023-01-10 | Sophos Limited | Computer assisted identification of intermediate level threats |
US11550900B1 (en) | 2018-11-16 | 2023-01-10 | Sophos Limited | Malware mitigation based on runtime memory allocation |
WO2020106512A1 (en) | 2018-11-19 | 2020-05-28 | Sophos Limited | Deferred malware scanning |
US11080395B1 (en) | 2018-11-30 | 2021-08-03 | Capsule8, Inc. | Interactive shell event detection |
CN109815701B (en) * | 2018-12-29 | 2022-04-22 | 奇安信安全技术(珠海)有限公司 | Software security detection method, client, system and storage medium |
US11714905B2 (en) | 2019-05-10 | 2023-08-01 | Sophos Limited | Attribute relevance tagging in malware recognition |
US11727143B2 (en) | 2020-06-22 | 2023-08-15 | Sophos Limited | Live discovery of enterprise threats based on security query activity |
US11775639B2 (en) | 2020-10-23 | 2023-10-03 | Sophos Limited | File integrity monitoring |
US11184454B1 (en) * | 2020-12-21 | 2021-11-23 | Coupang Corp. | Systems and methods for managing perpetual data requests to conserve resources |
US11929992B2 (en) | 2021-03-31 | 2024-03-12 | Sophos Limited | Encrypted cache protection |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998045778A2 (en) * | 1997-04-08 | 1998-10-15 | Marc Zuta | Antivirus system and method |
US20040064515A1 (en) * | 2000-08-31 | 2004-04-01 | Alyn Hockey | Monitoring eletronic mail message digests |
US20050268112A1 (en) * | 2004-05-28 | 2005-12-01 | Microsoft Corporation | Managing spyware and unwanted software through auto-start extensibility points |
Family Cites Families (65)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5721850A (en) | 1993-01-15 | 1998-02-24 | Quotron Systems, Inc. | Method and means for navigating user interfaces which support a plurality of executing applications |
US5623600A (en) | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
US6073241A (en) | 1996-08-29 | 2000-06-06 | C/Net, Inc. | Apparatus and method for tracking world wide web browser requests across distinct domains using persistent client-side state |
US5951698A (en) | 1996-10-02 | 1999-09-14 | Trend Micro, Incorporated | System, apparatus and method for the detection and removal of viruses in macros |
US7058822B2 (en) | 2000-03-30 | 2006-06-06 | Finjan Software, Ltd. | Malicious mobile code runtime monitoring system and methods |
US6167520A (en) | 1996-11-08 | 2000-12-26 | Finjan Software, Inc. | System and method for protecting a client during runtime from hostile downloadables |
US6611878B2 (en) | 1996-11-08 | 2003-08-26 | International Business Machines Corporation | Method and apparatus for software technology injection for operating systems which assign separate process address spaces |
US6154844A (en) | 1996-11-08 | 2000-11-28 | Finjan Software, Ltd. | System and method for attaching a downloadable security profile to a downloadable |
US6141698A (en) | 1997-01-29 | 2000-10-31 | Network Commerce Inc. | Method and system for injecting new code into existing application code |
US5920696A (en) | 1997-02-25 | 1999-07-06 | International Business Machines Corporation | Dynamic windowing system in a transaction base network for a client to request transactions of transient programs at a server |
US6310630B1 (en) | 1997-12-12 | 2001-10-30 | International Business Machines Corporation | Data processing system and method for internet browser history generation |
US6266774B1 (en) | 1998-12-08 | 2001-07-24 | Mcafee.Com Corporation | Method and system for securing, managing or optimizing a personal computer |
US6813711B1 (en) | 1999-01-05 | 2004-11-02 | Samsung Electronics Co., Ltd. | Downloading files from approved web site |
US6460060B1 (en) | 1999-01-26 | 2002-10-01 | International Business Machines Corporation | Method and system for searching web browser history |
US7917744B2 (en) | 1999-02-03 | 2011-03-29 | Cybersoft, Inc. | Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer in instant messaging and peer-to-peer applications |
US6397264B1 (en) | 1999-11-01 | 2002-05-28 | Rstar Corporation | Multi-browser client architecture for managing multiple applications having a history list |
US6535931B1 (en) | 1999-12-13 | 2003-03-18 | International Business Machines Corp. | Extended keyboard support in a run time environment for keys not recognizable on standard or non-standard keyboards |
JP4700884B2 (en) * | 2000-04-28 | 2011-06-15 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Method and system for managing computer security information |
US20050154885A1 (en) | 2000-05-15 | 2005-07-14 | Interfuse Technology, Inc. | Electronic data security system and method |
US7058976B1 (en) * | 2000-05-17 | 2006-06-06 | Deep Nines, Inc. | Intelligent feedback loop process control system |
US20040034794A1 (en) | 2000-05-28 | 2004-02-19 | Yaron Mayer | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages |
US9213836B2 (en) * | 2000-05-28 | 2015-12-15 | Barhon Mayer, Batya | System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages |
US20030159070A1 (en) * | 2001-05-28 | 2003-08-21 | Yaron Mayer | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages |
US6829654B1 (en) | 2000-06-23 | 2004-12-07 | Cloudshield Technologies, Inc. | Apparatus and method for virtual edge placement of web sites |
US6667751B1 (en) | 2000-07-13 | 2003-12-23 | International Business Machines Corporation | Linear web browser history viewer |
US20020162017A1 (en) | 2000-07-14 | 2002-10-31 | Stephen Sorkin | System and method for analyzing logfiles |
US6910134B1 (en) | 2000-08-29 | 2005-06-21 | Netrake Corporation | Method and device for innoculating email infected with a virus |
US6785732B1 (en) | 2000-09-11 | 2004-08-31 | International Business Machines Corporation | Web server apparatus and method for virus checking |
WO2002071227A1 (en) | 2001-03-01 | 2002-09-12 | Cyber Operations, Llc | System and method for anti-network terrorism |
CN1147795C (en) | 2001-04-29 | 2004-04-28 | 北京瑞星科技股份有限公司 | Method, system and medium for detecting and clearing known and anknown computer virus |
US20030065943A1 (en) * | 2001-09-28 | 2003-04-03 | Christoph Geis | Method and apparatus for recognizing and reacting to denial of service attacks on a computerized network |
US7210168B2 (en) | 2001-10-15 | 2007-04-24 | Mcafee, Inc. | Updating malware definition data for mobile data processing devices |
US7107617B2 (en) | 2001-10-15 | 2006-09-12 | Mcafee, Inc. | Malware scanning of compressed computer files |
US20030101381A1 (en) | 2001-11-29 | 2003-05-29 | Nikolay Mateev | System and method for virus checking software |
US6633835B1 (en) | 2002-01-10 | 2003-10-14 | Networks Associates Technology, Inc. | Prioritized data capture, classification and filtering in a network monitoring environment |
US6772345B1 (en) | 2002-02-08 | 2004-08-03 | Networks Associates Technology, Inc. | Protocol-level malware scanner |
US8370936B2 (en) * | 2002-02-08 | 2013-02-05 | Juniper Networks, Inc. | Multi-method gateway-based network security systems and methods |
US20030217287A1 (en) | 2002-05-16 | 2003-11-20 | Ilya Kruglenko | Secure desktop environment for unsophisticated computer users |
US20040024864A1 (en) * | 2002-07-31 | 2004-02-05 | Porras Phillip Andrew | User, process, and application tracking in an intrusion detection system |
US7263721B2 (en) | 2002-08-09 | 2007-08-28 | International Business Machines Corporation | Password protection |
US7509679B2 (en) | 2002-08-30 | 2009-03-24 | Symantec Corporation | Method, system and computer program product for security in a global computer network transaction |
US7832011B2 (en) | 2002-08-30 | 2010-11-09 | Symantec Corporation | Method and apparatus for detecting malicious code in an information handling system |
US20040080529A1 (en) | 2002-10-24 | 2004-04-29 | Wojcik Paul Kazimierz | Method and system for securing text-entry in a web form over a computer network |
US6965968B1 (en) | 2003-02-27 | 2005-11-15 | Finjan Software Ltd. | Policy-based caching |
US20040225877A1 (en) * | 2003-05-09 | 2004-11-11 | Zezhen Huang | Method and system for protecting computer system from malicious software operation |
US20050038697A1 (en) | 2003-06-30 | 2005-02-17 | Aaron Jeffrey A. | Automatically facilitated marketing and provision of electronic services |
US8281114B2 (en) | 2003-12-23 | 2012-10-02 | Check Point Software Technologies, Inc. | Security system with methodology for defending against security breaches of peripheral devices |
US20050273858A1 (en) * | 2004-06-07 | 2005-12-08 | Erez Zadok | Stackable file systems and methods thereof |
US20060085528A1 (en) * | 2004-10-01 | 2006-04-20 | Steve Thomas | System and method for monitoring network communications for pestware |
WO2006101549A2 (en) * | 2004-12-03 | 2006-09-28 | Whitecell Software, Inc. | Secure system for allowing the execution of authorized computer program code |
US7490352B2 (en) * | 2005-04-07 | 2009-02-10 | Microsoft Corporation | Systems and methods for verifying trust of executable files |
US7346611B2 (en) * | 2005-04-12 | 2008-03-18 | Webroot Software, Inc. | System and method for accessing data from a data storage medium |
US20090144826A2 (en) | 2005-06-30 | 2009-06-04 | Webroot Software, Inc. | Systems and Methods for Identifying Malware Distribution |
US7587724B2 (en) * | 2005-07-13 | 2009-09-08 | Symantec Corporation | Kernel validation layer |
US20070074289A1 (en) * | 2005-09-28 | 2007-03-29 | Phil Maddaloni | Client side exploit tracking |
US8079080B2 (en) * | 2005-10-21 | 2011-12-13 | Mathew R. Syrowik | Method, system and computer program product for detecting security threats in a computer network |
US20070094733A1 (en) | 2005-10-26 | 2007-04-26 | Wilson Michael C | System and method for neutralizing pestware residing in executable memory |
US7849185B1 (en) * | 2006-01-10 | 2010-12-07 | Raytheon Company | System and method for attacker attribution in a network security system |
US20070169198A1 (en) * | 2006-01-18 | 2007-07-19 | Phil Madddaloni | System and method for managing pestware affecting an operating system of a computer |
US20070168694A1 (en) * | 2006-01-18 | 2007-07-19 | Phil Maddaloni | System and method for identifying and removing pestware using a secondary operating system |
US7937758B2 (en) * | 2006-01-25 | 2011-05-03 | Symantec Corporation | File origin determination |
US8312479B2 (en) * | 2006-03-08 | 2012-11-13 | Navisense | Application programming interface (API) for sensory events |
US7926111B2 (en) * | 2006-03-17 | 2011-04-12 | Symantec Corporation | Determination of related entities |
US8181244B2 (en) | 2006-04-20 | 2012-05-15 | Webroot Inc. | Backward researching time stamped events to find an origin of pestware |
US20070250818A1 (en) | 2006-04-20 | 2007-10-25 | Boney Matthew L | Backwards researching existing pestware |
-
2006
- 2006-04-20 US US11/408,146 patent/US8201243B2/en active Active
-
2007
- 2007-04-20 WO PCT/US2007/067076 patent/WO2007124416A2/en active Application Filing
-
2012
- 2012-06-06 US US13/490,294 patent/US8719932B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998045778A2 (en) * | 1997-04-08 | 1998-10-15 | Marc Zuta | Antivirus system and method |
US20040064515A1 (en) * | 2000-08-31 | 2004-04-01 | Alyn Hockey | Monitoring eletronic mail message digests |
US20050268112A1 (en) * | 2004-05-28 | 2005-12-01 | Microsoft Corporation | Managing spyware and unwanted software through auto-start extensibility points |
Also Published As
Publication number | Publication date |
---|---|
US8719932B2 (en) | 2014-05-06 |
WO2007124416A2 (en) | 2007-11-01 |
US20120246722A1 (en) | 2012-09-27 |
US20070250817A1 (en) | 2007-10-25 |
US8201243B2 (en) | 2012-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007124416A3 (en) | Backwards researching activity indicative of pestware | |
WO2007124417A3 (en) | Backwards researching time stamped events to find an origin of pestware | |
EP2350933A4 (en) | Performance analysis of applications | |
WO2008091785A3 (en) | System and method for determining data entropy to identify malware | |
WO2007009009A3 (en) | Systems and methods for identifying sources of malware | |
WO2007131078A3 (en) | Inflammatory condition progression, diagnosis and treatment monitoring methods, systems, apparatus, and uses | |
WO2009115957A3 (en) | Distributed spectrum sensing | |
GB2455944A (en) | Method and system for detecting faults in a process plant | |
DE60333631D1 (en) | BEHAVIOR-BASED ADAPTATION OF COMPUTER SYSTEMS | |
WO2007005440A3 (en) | Change event correlation | |
GB2467685A (en) | Risk scoring system for the prevention of malware | |
WO2006121572A3 (en) | System and method for scanning obfuscated files for pestware | |
EP1906330A3 (en) | Information processing system, information processing method, information processing program, computer readable medium and computer data signal | |
WO2010019288A8 (en) | Log file time sequence stamping | |
WO2008124566A3 (en) | System and method for pain detection and computation of a pain quantification index | |
GB2452888A (en) | Systems and methods for monitoring and detecting fraudulent uses of business applications | |
WO2007073546A3 (en) | Installing an application from one peer to another including configuration settings | |
EP1657662A3 (en) | Efficient white listing of user-modifiable files | |
WO2012118702A3 (en) | Driver identification system and methods | |
WO2007124421A3 (en) | Backwards researching existing pestware | |
WO2008115670A3 (en) | System and method for identifying content | |
WO2011047296A3 (en) | Detecting and responding to malware using link files | |
IL172591A0 (en) | A system and method of processing radar information | |
EP2661049A3 (en) | System and method for malware detection | |
WO2006065594A3 (en) | Method and system for monitoring a workflow for an object |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 2007761007 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |