Automated service for blocking malware hosts
    1.
    Granted invention patent
    Automated service for blocking malware hosts (status: in force)

    Publication (announcement) No.: US08646038B2

    Publication (announcement) date: 2014-02-04

    Application No.: US11532459

    Filing date: 2006-09-15

    IPC classification: H04L9/00

    CPC classification: H04L63/1441 H04L63/0236

    Abstract: Systems, methods, and/or techniques (“tools”) that relate to an automated service for blocking malware hosts are described herein. In different implementations, the tools receive network addresses identifying hosts that are discovered to contain malware. The tools also provide the network addresses to a collection and storage service. Other components provided by the tools receive the network addresses from, for example, a plurality of reporting clients. These components may aggregate the network addresses across the reporting clients, and store instances of the malware and associated malware addresses.


    Feedback-driven malware detector
    2.
    Invention application
    Feedback-driven malware detector (status: in force)

    Publication (announcement) No.: US20070038677A1

    Publication (announcement) date: 2007-02-15

    Application No.: US11190749

    Filing date: 2005-07-27

    IPC classification: G06F17/30

    CPC classification: G06F21/565

    Abstract: Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.


    Efficient collection of data
    3.
    Invention application
    Efficient collection of data (status: under examination, published)

    Publication (announcement) No.: US20070162975A1

    Publication (announcement) date: 2007-07-12

    Application No.: US11326890

    Filing date: 2006-01-06

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 G06F21/561

    Abstract: Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data that is useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.


    Automated Service for Blocking Malware Hosts
    4.
    Invention application
    Automated Service for Blocking Malware Hosts (status: in force)

    Publication (announcement) No.: US20080127306A1

    Publication (announcement) date: 2008-05-29

    Application No.: US11532459

    Filing date: 2006-09-15

    IPC classification: H04L9/00 G06F15/16 G06F17/00

    CPC classification: H04L63/1441 H04L63/0236

    Abstract: Systems, methods, and/or techniques (“tools”) that relate to an automated service for blocking malware hosts are described herein. In different implementations, the tools receive network addresses identifying hosts that are discovered to contain malware. The tools also provide the network addresses to a collection and storage service. Other components provided by the tools receive the network addresses from, for example, a plurality of reporting clients. These components may aggregate the network addresses across the reporting clients, and store instances of the malware and associated malware addresses.
