WO1998030957A3 - Polymorphic virus detection module - Google Patents
- Publication number
- WO1998030957A3 (PCT/US1998/008897)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virus
- module
- polymorphic
- register
- viruses
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE69804760T DE69804760T2 (en) | 1997-01-08 | 1998-01-05 | METHOD AND DEVICE FOR DETECTING POLYMORPHER VIRUSES |
EP98905124A EP0951676B1 (en) | 1997-01-08 | 1998-01-05 | Method and apparatus for polymorphic virus detection |
CA002277330A CA2277330A1 (en) | 1997-01-08 | 1998-01-05 | Polymorphic virus detection module |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/780,985 | 1997-01-08 | ||
US08/780,985 US5826013A (en) | 1995-09-28 | 1997-01-08 | Polymorphic virus detection module |
Publications (3)
Publication Number | Publication Date |
---|---|
WO1998030957A2 WO1998030957A2 (en) | 1998-07-16 |
WO1998030957A3 WO1998030957A3 (en) | 1998-11-05 |
WO1998030957A9 WO1998030957A9 (en) | 1999-06-17 |
Family
ID=25121300
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US1998/008897 WO1998030957A2 (en) | 1997-01-08 | 1998-01-05 | Polymorphic virus detection module |
Country Status (5)
Country | Link |
---|---|
US (1) | US5826013A (en) |
EP (1) | EP0951676B1 (en) |
CA (1) | CA2277330A1 (en) |
DE (1) | DE69804760T2 (en) |
WO (1) | WO1998030957A2 (en) |
Families Citing this family (166)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5964889A (en) * | 1997-04-16 | 1999-10-12 | Symantec Corporation | Method to analyze a program for presence of computer viruses by examining the opcode for faults before emulating instruction in emulator |
US5987608A (en) * | 1997-05-13 | 1999-11-16 | Netscape Communications Corporation | Java security mechanism |
US6134566A (en) * | 1997-06-30 | 2000-10-17 | Microsoft Corporation | Method for controlling an electronic mail preview pane to avoid system disruption |
US6357008B1 (en) * | 1997-09-23 | 2002-03-12 | Symantec Corporation | Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases |
US6081894A (en) * | 1997-10-22 | 2000-06-27 | Rvt Technologies, Inc. | Method and apparatus for isolating an encrypted computer system upon detection of viruses and similar data |
US6003132A (en) * | 1997-10-22 | 1999-12-14 | Rvt Technologies, Inc. | Method and apparatus for isolating a computer system upon detection of viruses and similar data |
US6108799A (en) * | 1997-11-21 | 2000-08-22 | International Business Machines Corporation | Automated sample creation of polymorphic and non-polymorphic marcro viruses |
US6021510A (en) * | 1997-11-24 | 2000-02-01 | Symantec Corporation | Antivirus accelerator |
US6094731A (en) * | 1997-11-24 | 2000-07-25 | Symantec Corporation | Antivirus accelerator for computer networks |
US6029256A (en) * | 1997-12-31 | 2000-02-22 | Network Associates, Inc. | Method and system for allowing computer programs easy access to features of a virus scanning engine |
US6338141B1 (en) | 1998-09-30 | 2002-01-08 | Cybersoft, Inc. | Method and apparatus for computer virus detection, analysis, and removal in real time |
EP1149339A1 (en) | 1998-12-09 | 2001-10-31 | Network Ice Corporation | A method and apparatus for providing network and computer system security |
WO2000036515A1 (en) * | 1998-12-11 | 2000-06-22 | Rvt Technologies, Inc. | Method and apparatus for isolating a computer system upon detection of viruses and similar data |
US6874087B1 (en) | 1999-07-13 | 2005-03-29 | International Business Machines Corporation | Integrity checking an executable module and associated protected service provider module |
US7117532B1 (en) | 1999-07-14 | 2006-10-03 | Symantec Corporation | System and method for generating fictitious content for a computer |
US6981155B1 (en) | 1999-07-14 | 2005-12-27 | Symantec Corporation | System and method for computer security |
AU6107600A (en) | 1999-07-14 | 2001-01-30 | Recourse Technologies, Inc. | System and method for computer security |
US7346929B1 (en) | 1999-07-29 | 2008-03-18 | International Business Machines Corporation | Method and apparatus for auditing network security |
US7203962B1 (en) | 1999-08-30 | 2007-04-10 | Symantec Corporation | System and method for using timestamps to detect attacks |
US6851057B1 (en) | 1999-11-30 | 2005-02-01 | Symantec Corporation | Data driven detection of viruses |
US8006243B2 (en) | 1999-12-07 | 2011-08-23 | International Business Machines Corporation | Method and apparatus for remote installation of network drivers and software |
US6954858B1 (en) | 1999-12-22 | 2005-10-11 | Kimberly Joyce Welborn | Computer virus avoidance system and mechanism |
US6971019B1 (en) * | 2000-03-14 | 2005-11-29 | Symantec Corporation | Histogram-based virus detection |
KR100367129B1 (en) * | 2000-03-21 | 2003-01-09 | 주식회사 하우리 | A polymorphic virus analysis system and a method thereof |
US7574740B1 (en) | 2000-04-28 | 2009-08-11 | International Business Machines Corporation | Method and system for intrusion detection in a computer network |
US7921459B2 (en) | 2000-04-28 | 2011-04-05 | International Business Machines Corporation | System and method for managing security events on a network |
US20040073617A1 (en) | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
US20040064737A1 (en) * | 2000-06-19 | 2004-04-01 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses |
US7162649B1 (en) | 2000-06-30 | 2007-01-09 | Internet Security Systems, Inc. | Method and apparatus for network assessment and authentication |
US7093239B1 (en) | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
US7069583B2 (en) * | 2000-07-14 | 2006-06-27 | Computer Associates Think, Inc. | Detection of polymorphic virus code using dataflow analysis |
US7210040B2 (en) * | 2000-07-14 | 2007-04-24 | Computer Associates Think, Inc. | Detection of suspicious privileged access to restricted computer resources |
US7350235B2 (en) * | 2000-07-14 | 2008-03-25 | Computer Associates Think, Inc. | Detection of decryption to identify encrypted virus |
US8341743B2 (en) * | 2000-07-14 | 2012-12-25 | Ca, Inc. | Detection of viral code using emulation of operating system functions |
US7069589B2 (en) * | 2000-07-14 | 2006-06-27 | Computer Associates Think, Inc.. | Detection of a class of viral code |
US7636945B2 (en) * | 2000-07-14 | 2009-12-22 | Computer Associates Think, Inc. | Detection of polymorphic script language viruses by data driven lexical analysis |
US6981279B1 (en) * | 2000-08-17 | 2005-12-27 | International Business Machines Corporation | Method and apparatus for replicating and analyzing worm programs |
US7032114B1 (en) * | 2000-08-30 | 2006-04-18 | Symantec Corporation | System and method for using signatures to detect computer intrusions |
US6928555B1 (en) * | 2000-09-18 | 2005-08-09 | Networks Associates Technology, Inc. | Method and apparatus for minimizing file scanning by anti-virus programs |
US7178166B1 (en) | 2000-09-19 | 2007-02-13 | Internet Security Systems, Inc. | Vulnerability assessment and authentication of a computer by a local scanner |
US6968461B1 (en) * | 2000-10-03 | 2005-11-22 | Networks Associates Technology, Inc. | Providing break points in a malware scanning operation |
US9027121B2 (en) | 2000-10-10 | 2015-05-05 | International Business Machines Corporation | Method and system for creating a record for one or more computer security incidents |
US7146305B2 (en) | 2000-10-24 | 2006-12-05 | Vcis, Inc. | Analytical virtual machine |
US7398553B1 (en) * | 2000-10-30 | 2008-07-08 | Tread Micro, Inc. | Scripting virus scan engine |
US7130466B2 (en) | 2000-12-21 | 2006-10-31 | Cobion Ag | System and method for compiling images from a database and comparing the compiled images with known images |
WO2002062049A2 (en) | 2001-01-31 | 2002-08-08 | Timothy David Dodd | Method and system for calculating risk in association with a security audit of a computer network |
WO2002093334A2 (en) * | 2001-04-06 | 2002-11-21 | Symantec Corporation | Temporal access control for computer virus outbreaks |
CN1147795C (en) * | 2001-04-29 | 2004-04-28 | 北京瑞星科技股份有限公司 | Method, system and medium for detecting and clearing known and anknown computer virus |
US7065789B1 (en) | 2001-05-22 | 2006-06-20 | Computer Associates Think, Inc. | System and method for increasing heuristics suspicion levels in analyzed computer code |
US20020184566A1 (en) * | 2001-06-01 | 2002-12-05 | Michael Catherwood | Register pointer trap |
US7237264B1 (en) | 2001-06-04 | 2007-06-26 | Internet Security Systems, Inc. | System and method for preventing network misuse |
US20020188649A1 (en) * | 2001-06-12 | 2002-12-12 | Ron Karim | Mechanism for safely executing an untrusted program |
US7657419B2 (en) | 2001-06-19 | 2010-02-02 | International Business Machines Corporation | Analytical virtual machine |
US8056131B2 (en) * | 2001-06-21 | 2011-11-08 | Cybersoft, Inc. | Apparatus, methods and articles of manufacture for intercepting, examining and controlling code, data and files and their transfer |
WO2003025722A2 (en) * | 2001-09-14 | 2003-03-27 | Computer Associates Think, Inc. | Virus detection system |
US7266844B2 (en) * | 2001-09-27 | 2007-09-04 | Mcafee, Inc. | Heuristic detection of polymorphic computer viruses based on redundancy in viral code |
FR2830638A1 (en) * | 2001-10-05 | 2003-04-11 | France Telecom | Detection of attacks, especially virus type attacks, on a computer system, whereby a generic method is used that is capable of detecting attack programs hidden in data chains that are loaded into memory by a detectable instruction |
US20030101381A1 (en) * | 2001-11-29 | 2003-05-29 | Nikolay Mateev | System and method for virus checking software |
US7346781B2 (en) * | 2001-12-06 | 2008-03-18 | Mcafee, Inc. | Initiating execution of a computer program from an encrypted version of a computer program |
US7761605B1 (en) * | 2001-12-20 | 2010-07-20 | Mcafee, Inc. | Embedded anti-virus scanner for a network adapter |
WO2003058451A1 (en) | 2002-01-04 | 2003-07-17 | Internet Security Systems, Inc. | System and method for the managed security control of processes on a computer system |
US9652613B1 (en) | 2002-01-17 | 2017-05-16 | Trustwave Holdings, Inc. | Virus detection by executing electronic message code in a virtual machine |
US7607171B1 (en) | 2002-01-17 | 2009-10-20 | Avinti, Inc. | Virus detection by executing e-mail code in a virtual machine |
US8578480B2 (en) | 2002-03-08 | 2013-11-05 | Mcafee, Inc. | Systems and methods for identifying potentially malicious messages |
US20060015942A1 (en) | 2002-03-08 | 2006-01-19 | Ciphertrust, Inc. | Systems and methods for classification of messaging entities |
US7096498B2 (en) | 2002-03-08 | 2006-08-22 | Cipher Trust, Inc. | Systems and methods for message threat management |
US7693947B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for graphically displaying messaging traffic |
US7903549B2 (en) | 2002-03-08 | 2011-03-08 | Secure Computing Corporation | Content-based policy compliance systems and methods |
US6941467B2 (en) * | 2002-03-08 | 2005-09-06 | Ciphertrust, Inc. | Systems and methods for adaptive message interrogation through multiple queues |
US7124438B2 (en) | 2002-03-08 | 2006-10-17 | Ciphertrust, Inc. | Systems and methods for anomaly detection in patterns of monitored communications |
US8132250B2 (en) | 2002-03-08 | 2012-03-06 | Mcafee, Inc. | Message profiling systems and methods |
US8561167B2 (en) | 2002-03-08 | 2013-10-15 | Mcafee, Inc. | Web reputation scoring |
US7694128B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for secure communication delivery |
US7870203B2 (en) | 2002-03-08 | 2011-01-11 | Mcafee, Inc. | Methods and systems for exposing messaging reputation to an end user |
US7103913B2 (en) * | 2002-05-08 | 2006-09-05 | International Business Machines Corporation | Method and apparatus for determination of the non-replicative behavior of a malicious program |
US7370360B2 (en) * | 2002-05-13 | 2008-05-06 | International Business Machines Corporation | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
US7409717B1 (en) * | 2002-05-23 | 2008-08-05 | Symantec Corporation | Metamorphic computer virus detection |
DE10233173B4 (en) * | 2002-07-22 | 2006-03-23 | Bayer Industry Services Gmbh & Co. Ohg | Method for separating mercury from flue gases |
US7487543B2 (en) * | 2002-07-23 | 2009-02-03 | International Business Machines Corporation | Method and apparatus for the automatic determination of potentially worm-like behavior of a program |
GB2391965B (en) * | 2002-08-14 | 2005-11-30 | Messagelabs Ltd | Method of, and system for, heuristically detecting viruses in executable code |
US7469419B2 (en) | 2002-10-07 | 2008-12-23 | Symantec Corporation | Detection of malicious computer code |
US7761917B1 (en) | 2002-11-21 | 2010-07-20 | Vmware, Inc. | Method and apparatus for the detection and prevention of intrusions, computer worms, and denial of service attacks |
US7657937B1 (en) | 2003-01-02 | 2010-02-02 | Vmware, Inc. | Method for customizing processing and response for intrusion prevention |
US7913303B1 (en) | 2003-01-21 | 2011-03-22 | International Business Machines Corporation | Method and system for dynamically protecting a computer system from attack |
WO2004077295A1 (en) * | 2003-02-26 | 2004-09-10 | Secure Ware Inc. | Unauthorized processing judgment method, data processing device, computer program, and recording medium |
WO2004077294A1 (en) * | 2003-02-26 | 2004-09-10 | Secure Ware Inc. | Unauthorized processing judgment method, data processing device, computer program, and recording medium |
US7284273B1 (en) * | 2003-05-29 | 2007-10-16 | Symantec Corporation | Fuzzy scanning system and method |
US7657938B2 (en) | 2003-10-28 | 2010-02-02 | International Business Machines Corporation | Method and system for protecting computer networks by altering unwanted network data traffic |
US8151117B2 (en) | 2003-11-05 | 2012-04-03 | Vocalcomm Group, Llc | Detection of items stored in a computer system |
CA2545916C (en) * | 2003-11-12 | 2015-03-17 | The Trustees Of Columbia University In The City Of New York | Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data |
US7624449B1 (en) * | 2004-01-22 | 2009-11-24 | Symantec Corporation | Countering polymorphic malicious computer code through code optimization |
US7984304B1 (en) * | 2004-03-02 | 2011-07-19 | Vmware, Inc. | Dynamic verification of validity of executable code |
US8613091B1 (en) * | 2004-03-08 | 2013-12-17 | Redcannon Security, Inc. | Method and apparatus for creating a secure anywhere system |
US7484247B2 (en) | 2004-08-07 | 2009-01-27 | Allen F Rozman | System and method for protecting a computer system from malicious software |
US7591018B1 (en) * | 2004-09-14 | 2009-09-15 | Trend Micro Incorporated | Portable antivirus device with solid state memory |
US7480683B2 (en) * | 2004-10-01 | 2009-01-20 | Webroot Software, Inc. | System and method for heuristic analysis to identify pestware |
ITRM20040517A1 (en) * | 2004-10-20 | 2005-01-20 | Diego Angelo Tomaselli | METHOD AND ANTIVIRUS SYSTEM. |
US20060095964A1 (en) * | 2004-10-29 | 2006-05-04 | Microsoft Corporation | Document stamping antivirus manifest |
US8635690B2 (en) | 2004-11-05 | 2014-01-21 | Mcafee, Inc. | Reputation based message processing |
US7698744B2 (en) | 2004-12-03 | 2010-04-13 | Whitecell Software Inc. | Secure system for allowing the execution of authorized computer program code |
US7636856B2 (en) * | 2004-12-06 | 2009-12-22 | Microsoft Corporation | Proactive computer malware protection through dynamic translation |
US7343599B2 (en) * | 2005-01-03 | 2008-03-11 | Blue Lane Technologies Inc. | Network-based patching machine |
US8059551B2 (en) * | 2005-02-15 | 2011-11-15 | Raytheon Bbn Technologies Corp. | Method for source-spoofed IP packet traceback |
US8046834B2 (en) * | 2005-03-30 | 2011-10-25 | Alcatel Lucent | Method of polymorphic detection |
US7591016B2 (en) * | 2005-04-14 | 2009-09-15 | Webroot Software, Inc. | System and method for scanning memory for pestware offset signatures |
US7349931B2 (en) | 2005-04-14 | 2008-03-25 | Webroot Software, Inc. | System and method for scanning obfuscated files for pestware |
US7571476B2 (en) * | 2005-04-14 | 2009-08-04 | Webroot Software, Inc. | System and method for scanning memory for pestware |
US7937480B2 (en) | 2005-06-02 | 2011-05-03 | Mcafee, Inc. | Aggregation of reputation data |
US7895651B2 (en) | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
US8984636B2 (en) | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
US8272058B2 (en) | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
US7571483B1 (en) | 2005-08-25 | 2009-08-04 | Lockheed Martin Corporation | System and method for reducing the vulnerability of a computer network to virus threats |
US7739740B1 (en) * | 2005-09-22 | 2010-06-15 | Symantec Corporation | Detecting polymorphic threats |
US20070079375A1 (en) * | 2005-10-04 | 2007-04-05 | Drew Copley | Computer Behavioral Management Using Heuristic Analysis |
US7996898B2 (en) * | 2005-10-25 | 2011-08-09 | Webroot Software, Inc. | System and method for monitoring events on a computer to reduce false positive indication of pestware |
US8640235B2 (en) * | 2006-03-31 | 2014-01-28 | Symantec Corporation | Determination of malicious entities |
EP1870829B1 (en) * | 2006-06-23 | 2014-12-03 | Microsoft Corporation | Securing software by enforcing data flow integrity |
US8365286B2 (en) * | 2006-06-30 | 2013-01-29 | Sophos Plc | Method and system for classification of software using characteristics and combinations of such characteristics |
US8261344B2 (en) * | 2006-06-30 | 2012-09-04 | Sophos Plc | Method and system for classification of software using characteristics and combinations of such characteristics |
US20080016572A1 (en) * | 2006-07-12 | 2008-01-17 | Microsoft Corporation | Malicious software detection via memory analysis |
US8151352B1 (en) | 2006-07-14 | 2012-04-03 | Bitdefender IPR Managament Ltd. | Anti-malware emulation systems and methods |
US8190868B2 (en) | 2006-08-07 | 2012-05-29 | Webroot Inc. | Malware management through kernel detection |
US8392996B2 (en) * | 2006-08-08 | 2013-03-05 | Symantec Corporation | Malicious software detection |
US7949716B2 (en) | 2007-01-24 | 2011-05-24 | Mcafee, Inc. | Correlation and analysis of entity attributes |
US7779156B2 (en) | 2007-01-24 | 2010-08-17 | Mcafee, Inc. | Reputation based load balancing |
US8763114B2 (en) | 2007-01-24 | 2014-06-24 | Mcafee, Inc. | Detecting image spam |
US8179798B2 (en) | 2007-01-24 | 2012-05-15 | Mcafee, Inc. | Reputation based connection throttling |
US8214497B2 (en) | 2007-01-24 | 2012-07-03 | Mcafee, Inc. | Multi-dimensional reputation scoring |
US20100011441A1 (en) * | 2007-05-01 | 2010-01-14 | Mihai Christodorescu | System for malware normalization and detection |
US8321936B1 (en) | 2007-05-30 | 2012-11-27 | M86 Security, Inc. | System and method for malicious software detection in multiple protocols |
US8176477B2 (en) | 2007-09-14 | 2012-05-08 | International Business Machines Corporation | Method, system and program product for optimizing emulation of a suspected malware |
US8185930B2 (en) | 2007-11-06 | 2012-05-22 | Mcafee, Inc. | Adjusting filter or classification control settings |
US8045458B2 (en) | 2007-11-08 | 2011-10-25 | Mcafee, Inc. | Prioritizing network traffic |
US8806619B2 (en) * | 2007-12-20 | 2014-08-12 | Cybernet Systems Corporation | System and methods for detecting software vulnerabilities and malicious code |
US8160975B2 (en) | 2008-01-25 | 2012-04-17 | Mcafee, Inc. | Granular support vector machine with random granularity |
US8589503B2 (en) | 2008-04-04 | 2013-11-19 | Mcafee, Inc. | Prioritizing network traffic |
US9032503B2 (en) * | 2008-05-20 | 2015-05-12 | Shakeel Mustafa | Diversity string based pattern matching |
US8365283B1 (en) * | 2008-08-25 | 2013-01-29 | Symantec Corporation | Detecting mutating malware using fingerprints |
GB0822619D0 (en) * | 2008-12-11 | 2009-01-21 | Scansafe Ltd | Malware detection |
US8621625B1 (en) * | 2008-12-23 | 2013-12-31 | Symantec Corporation | Methods and systems for detecting infected files |
US11489857B2 (en) | 2009-04-21 | 2022-11-01 | Webroot Inc. | System and method for developing a risk profile for an internet resource |
US8370934B2 (en) * | 2009-06-25 | 2013-02-05 | Check Point Software Technologies Ltd. | Methods for detecting malicious programs using a multilayered heuristics approach |
US8955131B2 (en) | 2010-01-27 | 2015-02-10 | Mcafee Inc. | Method and system for proactive detection of malicious shared libraries via a remote reputation system |
US9202048B2 (en) * | 2010-01-27 | 2015-12-01 | Mcafee, Inc. | Method and system for discrete stateful behavioral analysis |
US8819826B2 (en) | 2010-01-27 | 2014-08-26 | Mcafee, Inc. | Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation |
US8474039B2 (en) | 2010-01-27 | 2013-06-25 | Mcafee, Inc. | System and method for proactive detection and repair of malware memory infection via a remote memory reputation system |
US8307434B2 (en) * | 2010-01-27 | 2012-11-06 | Mcafee, Inc. | Method and system for discrete stateful behavioral analysis |
US20110185428A1 (en) * | 2010-01-27 | 2011-07-28 | Mcafee, Inc. | Method and system for protection against unknown malicious activities observed by applications downloaded from pre-classified domains |
US20110219449A1 (en) * | 2010-03-04 | 2011-09-08 | St Neitzel Michael | Malware detection method, system and computer program product |
US8621638B2 (en) | 2010-05-14 | 2013-12-31 | Mcafee, Inc. | Systems and methods for classification of messaging entities |
US9231969B1 (en) * | 2010-05-28 | 2016-01-05 | Symantec Corporation | Determining file risk based on security reputation of associated objects |
US9147071B2 (en) | 2010-07-20 | 2015-09-29 | Mcafee, Inc. | System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system |
US9536089B2 (en) | 2010-09-02 | 2017-01-03 | Mcafee, Inc. | Atomic detection and repair of kernel memory |
US20120096554A1 (en) * | 2010-10-19 | 2012-04-19 | Lavasoft Ab | Malware identification |
US9032526B2 (en) | 2011-05-12 | 2015-05-12 | Microsoft Technology Licensing, Llc | Emulating mixed-code programs using a virtual machine instance |
DE202011102058U1 (en) | 2011-06-16 | 2011-11-02 | Michael Rathgeb | Mechanism for preventing the execution of malicious code |
US8510841B2 (en) * | 2011-12-06 | 2013-08-13 | Raytheon Company | Detecting malware using patterns |
US20130347104A1 (en) * | 2012-02-10 | 2013-12-26 | Riverside Research Institute | Analyzing executable binary code without detection |
RU2510074C2 (en) | 2012-02-24 | 2014-03-20 | Закрытое акционерное общество "Лаборатория Касперского" | System and method of checking executable code before execution thereof |
RU2491615C1 (en) * | 2012-02-24 | 2013-08-27 | Закрытое акционерное общество "Лаборатория Касперского" | System and method of creating software detection records |
US8726392B1 (en) * | 2012-03-29 | 2014-05-13 | Symantec Corporation | Systems and methods for combining static and dynamic code analysis |
US9165142B1 (en) * | 2013-01-30 | 2015-10-20 | Palo Alto Networks, Inc. | Malware family identification using profile signatures |
US9009825B1 (en) * | 2013-06-21 | 2015-04-14 | Trend Micro Incorporated | Anomaly detector for computer networks |
RU2606559C1 (en) | 2015-10-22 | 2017-01-10 | Акционерное общество "Лаборатория Касперского" | System and method for optimizing of files antivirus checking |
US10764309B2 (en) | 2018-01-31 | 2020-09-01 | Palo Alto Networks, Inc. | Context profiling for malware detection |
US11159538B2 (en) | 2018-01-31 | 2021-10-26 | Palo Alto Networks, Inc. | Context for malware forensics and detection |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5321840A (en) * | 1988-05-05 | 1994-06-14 | Transaction Technology, Inc. | Distributed-intelligence computer system including remotely reconfigurable, telephone-type user terminal |
US5144660A (en) * | 1988-08-31 | 1992-09-01 | Rose Anthony M | Securing a computer against undesired write operations to or read operations from a mass storage device |
US5121345A (en) * | 1988-11-03 | 1992-06-09 | Lentz Stephen A | System and method for protecting integrity of computer data and software |
US4975950A (en) * | 1988-11-03 | 1990-12-04 | Lentz Stephen A | System and method of protecting integrity of computer data and software |
US5319776A (en) * | 1990-04-19 | 1994-06-07 | Hilgraeve Corporation | In transit detection of computer virus with safeguard |
US5408642A (en) * | 1991-05-24 | 1995-04-18 | Symantec Corporation | Method for recovery of a computer program infected by a computer virus |
DK170490B1 (en) * | 1992-04-28 | 1995-09-18 | Multi Inform As | Data Processing Plant |
US5649095A (en) * | 1992-03-30 | 1997-07-15 | Cozza; Paul D. | Method and apparatus for detecting computer viruses through the use of a scan information cache |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses |
US5440723A (en) * | 1993-01-19 | 1995-08-08 | International Business Machines Corporation | Automatic immune system for computers and computer networks |
US5398196A (en) * | 1993-07-29 | 1995-03-14 | Chambers; David A. | Method and apparatus for detection of computer viruses |
US5675711A (en) * | 1994-05-13 | 1997-10-07 | International Business Machines Corporation | Adaptive statistical regression and classification of data strings, with application to the generic detection of computer viruses |
US5537540A (en) * | 1994-09-30 | 1996-07-16 | Compaq Computer Corporation | Transparent, secure computer virus detection method and apparatus |
US5684875A (en) * | 1994-10-21 | 1997-11-04 | Ellenberger; Hans | Method and apparatus for detecting a computer virus on a computer |
US5613002A (en) * | 1994-11-21 | 1997-03-18 | International Business Machines Corporation | Generic disinfection of programs infected with a computer virus |
US5442699A (en) * | 1994-11-21 | 1995-08-15 | International Business Machines Corporation | Searching for patterns in encrypted data |
US5485575A (en) * | 1994-11-21 | 1996-01-16 | International Business Machines Corporation | Automatic analysis of a computer virus structure and means of attachment to its hosts |
US5559960A (en) * | 1995-04-21 | 1996-09-24 | Lettvin; Jonathan D. | Software anti-virus facility |
- 1997-01-08: US application US08/780,985, published as US5826013A (en); status: not active (Expired - Lifetime)
- 1998-01-05: WO application PCT/US1998/008897, published as WO1998030957A2 (en); status: active (IP Right Grant)
- 1998-01-05: DE application DE69804760T, published as DE69804760T2 (en); status: not active (Expired - Lifetime)
- 1998-01-05: CA application CA002277330A, published as CA2277330A1 (en); status: not active (Abandoned)
- 1998-01-05: EP application EP98905124A, published as EP0951676B1 (en); status: not active (Expired - Lifetime)
Non-Patent Citations (2)
Title |
---|
MARSHALL G.: "Pest Control", LAN MAGAZINE, vol. 3, no. 6, June 1995 (1995-06-01), pages 55/56, 58, 61, 63/64, 67, XP000613971 * |
NACHTENBERG C.S.: "A new technique for detecting polymorphic computer viruses a thesis submitted in partial satisfaction of the requirements for the degree master of science in computer science and engineering", THESIS UNIVERSITY OF CALIFORNIA, 1995, XP000197628 * |
Also Published As
Publication number | Publication date |
---|---|
DE69804760T2 (en) | 2003-03-06 |
US5826013A (en) | 1998-10-20 |
DE69804760D1 (en) | 2002-05-16 |
WO1998030957A2 (en) | 1998-07-16 |
WO1998030957A9 (en) | 1999-06-17 |
EP0951676A2 (en) | 1999-10-27 |
EP0951676B1 (en) | 2002-04-10 |
CA2277330A1 (en) | 1998-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO1998030957A3 (en) | Polymorphic virus detection module | |
DE69609980D1 (en) | METHOD AND SYSTEM FOR DETECTING POLYMORPHIC VIRUSES | |
WO1997029425A3 (en) | Emulation repair system | |
Younan et al. | PAriCheck: an efficient pointer arithmetic checker for C programs | |
US7584364B2 (en) | Overlapped code obfuscation | |
Duflot et al. | Using CPU system management mode to circumvent operating system security functions | |
AU7340700A (en) | Fast write instruction for micro engine used in multithreaded parallel processorarchitecture | |
US20030061497A1 (en) | Method for providing system integrity and legacy environment emulation | |
US20080127114A1 (en) | Framework for stealth dynamic coarse and fine-grained malware analysis | |
CA2299377A1 (en) | Detection of computer viruses spanning multiple data streams | |
EP1253502A3 (en) | Trusted computer system | |
WO1998003916A1 (en) | Pre-fetch queue emulation | |
Li et al. | Address-space randomization for windows systems | |
MY115760A (en) | Method and system for preventing unauthorized access to a computer program | |
Vogl et al. | X-TIER: Kernel module injection | |
EA199900060A1 (en) | MOVABLE PROTECTED TRANSACTION IMPLEMENTATION SYSTEM FOR PROGRAMMABLE DEVICES WITH MICROPROCESSORS | |
Alves et al. | Hardware-based Cyber Threats. | |
Fraser et al. | Copilot-a coprocessor-based kernel runtime integrity monitor | |
Wu et al. | Efficient and automatic instrumentation for packed binaries | |
Dai Zovi | Kernel rootkits | |
Ongetta | Virus creation laboratories | |
Ongetta | VIRUS NEWS | |
Zou et al. | Identify stack overflow exploits with dynamic binary instrumentation | |
Mironov et al. | Trusted Boot Mechanisms in Physical and Virtual Environments | |
Vasudevan | Re-inforced stealth breakpoints |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A2 Designated state(s): CA JP |
AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
AK | Designated states | Kind code of ref document: A3 Designated state(s): CA JP |
AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
AK | Designated states | Kind code of ref document: C2 Designated state(s): CA JP |
AL | Designated countries for regional patents | Kind code of ref document: C2 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
COP | Corrected version of pamphlet | Free format text: PAGES 1/6-6/6, DRAWINGS, REPLACED BY NEW PAGES 1/5-5/5; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE |
ENP | Entry into the national phase | Ref document number: 2277330 Country of ref document: CA Ref country code: CA Ref document number: 2277330 Kind code of ref document: A Format of ref document f/p: F |
WWE | Wipo information: entry into national phase | Ref document number: 1998905124 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 1998905124 Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: JP Ref document number: 1998531313 Format of ref document f/p: F |
WWG | Wipo information: grant in national office | Ref document number: 1998905124 Country of ref document: EP |