WO2007124416A3 - Backwards researching activity indicative of pestware - Google Patents

Backwards researching activity indicative of pestware Download PDF

Info

Publication number
WO2007124416A3
WO2007124416A3 PCT/US2007/067076 US2007067076W WO2007124416A3 WO 2007124416 A3 WO2007124416 A3 WO 2007124416A3 US 2007067076 W US2007067076 W US 2007067076W WO 2007124416 A3 WO2007124416 A3 WO 2007124416A3
Authority
WO
WIPO (PCT)
Prior art keywords
pestware
researching
backwards
activity
activity indicative
Prior art date
Application number
PCT/US2007/067076
Other languages
French (fr)
Other versions
WO2007124416A2 (en
Inventor
Matthew L Boney
Original Assignee
Webroot Software Inc
Matthew L Boney
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=38596640&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=WO2007124416(A3) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Webroot Software Inc, Matthew L Boney filed Critical Webroot Software Inc
Publication of WO2007124416A2 publication Critical patent/WO2007124416A2/en
Publication of WO2007124416A3 publication Critical patent/WO2007124416A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

A system and method for researching an identity of a source of activity that is indicative of pestware is described. In one embodiment the method comprises monitoring the computer for activity that is indicative of pestware, identifying, based upon the activity, an object residing on the computer that is a suspected pestware object; and accessing at least a portion of a recorded history of sources that the computer received files from so as to identify a reference to an identity of a particular source that the suspected pestware object originated from.
PCT/US2007/067076 2006-04-20 2007-04-20 Backwards researching activity indicative of pestware WO2007124416A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/408,146 US8201243B2 (en) 2006-04-20 2006-04-20 Backwards researching activity indicative of pestware
US11/408,146 2006-04-20

Publications (2)

Publication Number Publication Date
WO2007124416A2 WO2007124416A2 (en) 2007-11-01
WO2007124416A3 true WO2007124416A3 (en) 2007-12-21

Family

ID=38596640

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/067076 WO2007124416A2 (en) 2006-04-20 2007-04-20 Backwards researching activity indicative of pestware

Country Status (2)

Country Link
US (2) US8201243B2 (en)
WO (1) WO2007124416A2 (en)

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7480683B2 (en) 2004-10-01 2009-01-20 Webroot Software, Inc. System and method for heuristic analysis to identify pestware
US20070016951A1 (en) * 2005-07-13 2007-01-18 Piccard Paul L Systems and methods for identifying sources of malware
US8181244B2 (en) 2006-04-20 2012-05-15 Webroot Inc. Backward researching time stamped events to find an origin of pestware
US8190868B2 (en) 2006-08-07 2012-05-29 Webroot Inc. Malware management through kernel detection
US8713513B2 (en) * 2006-12-13 2014-04-29 Infosys Limited Evaluating programmer efficiency in maintaining software systems
US20090094459A1 (en) * 2007-10-09 2009-04-09 Schneider Jerome L Method and system for associating one or more pestware-related indications with a file on a computer-readable storage medium of a computer
US8650648B2 (en) 2008-03-26 2014-02-11 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US8521732B2 (en) * 2008-05-23 2013-08-27 Solera Networks, Inc. Presentation of an extracted artifact based on an indexing technique
US8625642B2 (en) 2008-05-23 2014-01-07 Solera Networks, Inc. Method and apparatus of network artifact indentification and extraction
US8607345B1 (en) * 2008-12-16 2013-12-10 Trend Micro Incorporated Method and apparatus for generic malware downloader detection and prevention
US11489857B2 (en) 2009-04-21 2022-11-01 Webroot Inc. System and method for developing a risk profile for an internet resource
US9390263B2 (en) 2010-03-31 2016-07-12 Sophos Limited Use of an application controller to monitor and control software file and application environments
US8849991B2 (en) 2010-12-15 2014-09-30 Blue Coat Systems, Inc. System and method for hypertext transfer protocol layered reconstruction
US8666985B2 (en) 2011-03-16 2014-03-04 Solera Networks, Inc. Hardware accelerated application-based pattern matching for real time classification and recording of network traffic
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
US9292881B2 (en) 2012-06-29 2016-03-22 Crowdstrike, Inc. Social sharing of security information in a group
US20140074603A1 (en) * 2012-09-11 2014-03-13 Millmobile Bv Consumer advertisement targeting platform system
GB2505529B (en) * 2012-11-08 2014-07-30 F Secure Corp Protecting a user from a compromised web resource
JP6590481B2 (en) * 2012-12-07 2019-10-16 キヤノン電子株式会社 Virus intrusion route specifying device, virus intrusion route specifying method and program
US10409980B2 (en) 2012-12-27 2019-09-10 Crowdstrike, Inc. Real-time representation of security-relevant system state
CN104717616A (en) * 2013-12-13 2015-06-17 腾讯科技(深圳)有限公司 Push message management method and device
US20150222646A1 (en) 2014-01-31 2015-08-06 Crowdstrike, Inc. Tagging Security-Relevant System Objects
US10289405B2 (en) 2014-03-20 2019-05-14 Crowdstrike, Inc. Integrity assurance and rebootless updating during runtime
US9917851B2 (en) 2014-04-28 2018-03-13 Sophos Limited Intrusion detection using a heartbeat
US10122753B2 (en) 2014-04-28 2018-11-06 Sophos Limited Using reputation to avoid false malware detections
US9798882B2 (en) 2014-06-06 2017-10-24 Crowdstrike, Inc. Real-time model of states of monitored devices
US10050935B2 (en) 2014-07-09 2018-08-14 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
US9258274B2 (en) 2014-07-09 2016-02-09 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs
US9729506B2 (en) * 2014-08-22 2017-08-08 Shape Security, Inc. Application programming interface wall
US9800602B2 (en) 2014-09-30 2017-10-24 Shape Security, Inc. Automated hardening of web page content
WO2016072310A1 (en) 2014-11-05 2016-05-12 キヤノン電子株式会社 Specification device, control method thereof, and program
WO2016097757A1 (en) 2014-12-18 2016-06-23 Sophos Limited A method and system for network access control based on traffic monitoring and vulnerability detection using process related information
US10339303B2 (en) 2015-01-22 2019-07-02 Mcafee, Llc Detection of malicious invocation of application program interface calls
US10339316B2 (en) 2015-07-28 2019-07-02 Crowdstrike, Inc. Integrity assurance through early loading in the boot phase
US9928366B2 (en) 2016-04-15 2018-03-27 Sophos Limited Endpoint malware detection using an event graph
GB2566657B8 (en) 2016-06-30 2022-04-13 Sophos Ltd Proactive network security using a health heartbeat
GB2555517B (en) 2016-08-03 2022-05-11 Sophos Ltd Mitigation of return-oriented programming attacks
US10387228B2 (en) 2017-02-21 2019-08-20 Crowdstrike, Inc. Symmetric bridge component for communications between kernel mode and user mode
KR101954623B1 (en) * 2017-02-27 2019-03-06 한국전자통신연구원 Apparatus and method for updating software on the virtualized environment
US10997303B2 (en) 2017-09-12 2021-05-04 Sophos Limited Managing untyped network traffic flows
US10740459B2 (en) 2017-12-28 2020-08-11 Crowdstrike, Inc. Kernel- and user-level cooperative security processing
US10841333B2 (en) 2018-01-08 2020-11-17 Sophos Limited Malware detection using machine learning
US11616758B2 (en) 2018-04-04 2023-03-28 Sophos Limited Network device for securing endpoints in a heterogeneous enterprise network
US11288385B2 (en) 2018-04-13 2022-03-29 Sophos Limited Chain of custody for enterprise documents
US11552962B2 (en) 2018-08-31 2023-01-10 Sophos Limited Computer assisted identification of intermediate level threats
US11550900B1 (en) 2018-11-16 2023-01-10 Sophos Limited Malware mitigation based on runtime memory allocation
WO2020106512A1 (en) 2018-11-19 2020-05-28 Sophos Limited Deferred malware scanning
US11080395B1 (en) 2018-11-30 2021-08-03 Capsule8, Inc. Interactive shell event detection
CN109815701B (en) * 2018-12-29 2022-04-22 奇安信安全技术(珠海)有限公司 Software security detection method, client, system and storage medium
US11714905B2 (en) 2019-05-10 2023-08-01 Sophos Limited Attribute relevance tagging in malware recognition
US11727143B2 (en) 2020-06-22 2023-08-15 Sophos Limited Live discovery of enterprise threats based on security query activity
US11775639B2 (en) 2020-10-23 2023-10-03 Sophos Limited File integrity monitoring
US11184454B1 (en) * 2020-12-21 2021-11-23 Coupang Corp. Systems and methods for managing perpetual data requests to conserve resources
US11929992B2 (en) 2021-03-31 2024-03-12 Sophos Limited Encrypted cache protection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998045778A2 (en) * 1997-04-08 1998-10-15 Marc Zuta Antivirus system and method
US20040064515A1 (en) * 2000-08-31 2004-04-01 Alyn Hockey Monitoring eletronic mail message digests
US20050268112A1 (en) * 2004-05-28 2005-12-01 Microsoft Corporation Managing spyware and unwanted software through auto-start extensibility points

Family Cites Families (65)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5721850A (en) 1993-01-15 1998-02-24 Quotron Systems, Inc. Method and means for navigating user interfaces which support a plurality of executing applications
US5623600A (en) 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
US6073241A (en) 1996-08-29 2000-06-06 C/Net, Inc. Apparatus and method for tracking world wide web browser requests across distinct domains using persistent client-side state
US5951698A (en) 1996-10-02 1999-09-14 Trend Micro, Incorporated System, apparatus and method for the detection and removal of viruses in macros
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US6167520A (en) 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US6611878B2 (en) 1996-11-08 2003-08-26 International Business Machines Corporation Method and apparatus for software technology injection for operating systems which assign separate process address spaces
US6154844A (en) 1996-11-08 2000-11-28 Finjan Software, Ltd. System and method for attaching a downloadable security profile to a downloadable
US6141698A (en) 1997-01-29 2000-10-31 Network Commerce Inc. Method and system for injecting new code into existing application code
US5920696A (en) 1997-02-25 1999-07-06 International Business Machines Corporation Dynamic windowing system in a transaction base network for a client to request transactions of transient programs at a server
US6310630B1 (en) 1997-12-12 2001-10-30 International Business Machines Corporation Data processing system and method for internet browser history generation
US6266774B1 (en) 1998-12-08 2001-07-24 Mcafee.Com Corporation Method and system for securing, managing or optimizing a personal computer
US6813711B1 (en) 1999-01-05 2004-11-02 Samsung Electronics Co., Ltd. Downloading files from approved web site
US6460060B1 (en) 1999-01-26 2002-10-01 International Business Machines Corporation Method and system for searching web browser history
US7917744B2 (en) 1999-02-03 2011-03-29 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer in instant messaging and peer-to-peer applications
US6397264B1 (en) 1999-11-01 2002-05-28 Rstar Corporation Multi-browser client architecture for managing multiple applications having a history list
US6535931B1 (en) 1999-12-13 2003-03-18 International Business Machines Corp. Extended keyboard support in a run time environment for keys not recognizable on standard or non-standard keyboards
JP4700884B2 (en) * 2000-04-28 2011-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション Method and system for managing computer security information
US20050154885A1 (en) 2000-05-15 2005-07-14 Interfuse Technology, Inc. Electronic data security system and method
US7058976B1 (en) * 2000-05-17 2006-06-06 Deep Nines, Inc. Intelligent feedback loop process control system
US20040034794A1 (en) 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US9213836B2 (en) * 2000-05-28 2015-12-15 Barhon Mayer, Batya System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages
US20030159070A1 (en) * 2001-05-28 2003-08-21 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US6829654B1 (en) 2000-06-23 2004-12-07 Cloudshield Technologies, Inc. Apparatus and method for virtual edge placement of web sites
US6667751B1 (en) 2000-07-13 2003-12-23 International Business Machines Corporation Linear web browser history viewer
US20020162017A1 (en) 2000-07-14 2002-10-31 Stephen Sorkin System and method for analyzing logfiles
US6910134B1 (en) 2000-08-29 2005-06-21 Netrake Corporation Method and device for innoculating email infected with a virus
US6785732B1 (en) 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
WO2002071227A1 (en) 2001-03-01 2002-09-12 Cyber Operations, Llc System and method for anti-network terrorism
CN1147795C (en) 2001-04-29 2004-04-28 北京瑞星科技股份有限公司 Method, system and medium for detecting and clearing known and anknown computer virus
US20030065943A1 (en) * 2001-09-28 2003-04-03 Christoph Geis Method and apparatus for recognizing and reacting to denial of service attacks on a computerized network
US7210168B2 (en) 2001-10-15 2007-04-24 Mcafee, Inc. Updating malware definition data for mobile data processing devices
US7107617B2 (en) 2001-10-15 2006-09-12 Mcafee, Inc. Malware scanning of compressed computer files
US20030101381A1 (en) 2001-11-29 2003-05-29 Nikolay Mateev System and method for virus checking software
US6633835B1 (en) 2002-01-10 2003-10-14 Networks Associates Technology, Inc. Prioritized data capture, classification and filtering in a network monitoring environment
US6772345B1 (en) 2002-02-08 2004-08-03 Networks Associates Technology, Inc. Protocol-level malware scanner
US8370936B2 (en) * 2002-02-08 2013-02-05 Juniper Networks, Inc. Multi-method gateway-based network security systems and methods
US20030217287A1 (en) 2002-05-16 2003-11-20 Ilya Kruglenko Secure desktop environment for unsophisticated computer users
US20040024864A1 (en) * 2002-07-31 2004-02-05 Porras Phillip Andrew User, process, and application tracking in an intrusion detection system
US7263721B2 (en) 2002-08-09 2007-08-28 International Business Machines Corporation Password protection
US7509679B2 (en) 2002-08-30 2009-03-24 Symantec Corporation Method, system and computer program product for security in a global computer network transaction
US7832011B2 (en) 2002-08-30 2010-11-09 Symantec Corporation Method and apparatus for detecting malicious code in an information handling system
US20040080529A1 (en) 2002-10-24 2004-04-29 Wojcik Paul Kazimierz Method and system for securing text-entry in a web form over a computer network
US6965968B1 (en) 2003-02-27 2005-11-15 Finjan Software Ltd. Policy-based caching
US20040225877A1 (en) * 2003-05-09 2004-11-11 Zezhen Huang Method and system for protecting computer system from malicious software operation
US20050038697A1 (en) 2003-06-30 2005-02-17 Aaron Jeffrey A. Automatically facilitated marketing and provision of electronic services
US8281114B2 (en) 2003-12-23 2012-10-02 Check Point Software Technologies, Inc. Security system with methodology for defending against security breaches of peripheral devices
US20050273858A1 (en) * 2004-06-07 2005-12-08 Erez Zadok Stackable file systems and methods thereof
US20060085528A1 (en) * 2004-10-01 2006-04-20 Steve Thomas System and method for monitoring network communications for pestware
WO2006101549A2 (en) * 2004-12-03 2006-09-28 Whitecell Software, Inc. Secure system for allowing the execution of authorized computer program code
US7490352B2 (en) * 2005-04-07 2009-02-10 Microsoft Corporation Systems and methods for verifying trust of executable files
US7346611B2 (en) * 2005-04-12 2008-03-18 Webroot Software, Inc. System and method for accessing data from a data storage medium
US20090144826A2 (en) 2005-06-30 2009-06-04 Webroot Software, Inc. Systems and Methods for Identifying Malware Distribution
US7587724B2 (en) * 2005-07-13 2009-09-08 Symantec Corporation Kernel validation layer
US20070074289A1 (en) * 2005-09-28 2007-03-29 Phil Maddaloni Client side exploit tracking
US8079080B2 (en) * 2005-10-21 2011-12-13 Mathew R. Syrowik Method, system and computer program product for detecting security threats in a computer network
US20070094733A1 (en) 2005-10-26 2007-04-26 Wilson Michael C System and method for neutralizing pestware residing in executable memory
US7849185B1 (en) * 2006-01-10 2010-12-07 Raytheon Company System and method for attacker attribution in a network security system
US20070169198A1 (en) * 2006-01-18 2007-07-19 Phil Madddaloni System and method for managing pestware affecting an operating system of a computer
US20070168694A1 (en) * 2006-01-18 2007-07-19 Phil Maddaloni System and method for identifying and removing pestware using a secondary operating system
US7937758B2 (en) * 2006-01-25 2011-05-03 Symantec Corporation File origin determination
US8312479B2 (en) * 2006-03-08 2012-11-13 Navisense Application programming interface (API) for sensory events
US7926111B2 (en) * 2006-03-17 2011-04-12 Symantec Corporation Determination of related entities
US8181244B2 (en) 2006-04-20 2012-05-15 Webroot Inc. Backward researching time stamped events to find an origin of pestware
US20070250818A1 (en) 2006-04-20 2007-10-25 Boney Matthew L Backwards researching existing pestware

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998045778A2 (en) * 1997-04-08 1998-10-15 Marc Zuta Antivirus system and method
US20040064515A1 (en) * 2000-08-31 2004-04-01 Alyn Hockey Monitoring eletronic mail message digests
US20050268112A1 (en) * 2004-05-28 2005-12-01 Microsoft Corporation Managing spyware and unwanted software through auto-start extensibility points

Also Published As

Publication number Publication date
US8719932B2 (en) 2014-05-06
WO2007124416A2 (en) 2007-11-01
US20120246722A1 (en) 2012-09-27
US20070250817A1 (en) 2007-10-25
US8201243B2 (en) 2012-06-12

Similar Documents

Publication Publication Date Title
WO2007124416A3 (en) Backwards researching activity indicative of pestware
WO2007124417A3 (en) Backwards researching time stamped events to find an origin of pestware
EP2350933A4 (en) Performance analysis of applications
WO2008091785A3 (en) System and method for determining data entropy to identify malware
WO2007009009A3 (en) Systems and methods for identifying sources of malware
WO2007131078A3 (en) Inflammatory condition progression, diagnosis and treatment monitoring methods, systems, apparatus, and uses
WO2009115957A3 (en) Distributed spectrum sensing
GB2455944A (en) Method and system for detecting faults in a process plant
DE60333631D1 (en) BEHAVIOR-BASED ADAPTATION OF COMPUTER SYSTEMS
WO2007005440A3 (en) Change event correlation
GB2467685A (en) Risk scoring system for the prevention of malware
WO2006121572A3 (en) System and method for scanning obfuscated files for pestware
EP1906330A3 (en) Information processing system, information processing method, information processing program, computer readable medium and computer data signal
WO2010019288A8 (en) Log file time sequence stamping
WO2008124566A3 (en) System and method for pain detection and computation of a pain quantification index
GB2452888A (en) Systems and methods for monitoring and detecting fraudulent uses of business applications
WO2007073546A3 (en) Installing an application from one peer to another including configuration settings
EP1657662A3 (en) Efficient white listing of user-modifiable files
WO2012118702A3 (en) Driver identification system and methods
WO2007124421A3 (en) Backwards researching existing pestware
WO2008115670A3 (en) System and method for identifying content
WO2011047296A3 (en) Detecting and responding to malware using link files
IL172591A0 (en) A system and method of processing radar information
EP2661049A3 (en) System and method for malware detection
WO2006065594A3 (en) Method and system for monitoring a workflow for an object

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 2007761007

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE