Behaviour based malware prevention
    Type: Granted patent

    Publication number: US10083301B2

    Publication date: 2018-09-25

    Application number: US15362012

    Filing date: 2016-11-28

    Inventor: Daavid Hentunen

    Abstract: A method of detecting malware present on a computer system. A set of applications is predefined as benign, and profiles are provided for respective benign applications. Each profile identifies one or more procedures known to be performed by the associated benign application, each procedure being identified by a characteristic action and one or more expected actions. Behavior of the computer system is monitored to detect performance, by a running application, of a characteristic action of a procedure of a benign application. Upon detection of performance of a characteristic action, the profile provided for the associated benign application is used to detect a deviation from the expected actions of the procedure; and the detection of a deviation is used to identify the running application as malicious or suspicious.

Detecting unauthorised changes to website content

    Publication number: US10033746B2

    Publication date: 2018-07-24

    Application number: US14253228

    Filing date: 2014-04-15

    Abstract: Methods, apparatus, and systems are provided for use in detecting unauthorized changes to websites of web operators. Authorized content policy sets for each of a multiplicity of websites from web operators are collected and stored. In addition, content information obtained in respect of web content downloaded from said websites by a multiplicity of client devices, client proxy devices, and/or client gateway devices is used to identify websites that do not conform to their respective policy sets. Alerts are sent to the web operator of any non-conforming website. Optionally, alerts may be sent to client devices, client gateway devices, and/or client proxy devices for use in scanning or blocking the web content from non-conforming websites.

Detecting a return-oriented programming exploit

    Publication number: US09846779B2

    Publication date: 2017-12-19

    Application number: US14624617

    Filing date: 2015-02-18

    Inventor: Daavid Hentunen

    IPC classification: G06F21/00 G06F21/57 G06F21/54

    Abstract: A method and apparatus for detecting a Return-Oriented Programming exploitation. At a computer device, a mechanism to detect a control transfer of a code location in a memory is established. This may be, for example, hooking the control transfer. The code location relates to an electronic file. In the event that a control transfer of the code location is detected, a comparison is made between the destination code location address and values in the freed stack. If the code location address matches any of the values in the freed stack, then it is determined that the control transfer of the code location relates to a Return-Oriented Programming exploitation.

Malware detection
    Type: Granted patent

    Publication number: US09787699B2

    Publication date: 2017-10-10

    Application number: US15334775

    Filing date: 2016-10-26

    Inventor: Mikko Suominen

    IPC classification: H04L29/06

    Abstract: There is provided a malware analysis method including, at a computer device having an operating system and a memory: collecting Dynamic Link Library (DLL) data under a system folder, the data including at least the DLL name and all pairs of exported function names and function addresses relative to the starting address of the DLL once it has been loaded into memory; comparing the two least significant bytes of the collected function addresses with the two least significant bytes of absolute virtual addresses in a memory dump; deducing a list of potential targets for API function calls when there is a match between the compared two least significant bytes of the collected function addresses and the absolute virtual addresses; and quarantining or deleting malware from which the suspicious API function calls originated.

Detecting and marking client devices

    Publication number: US09654494B2

    Publication date: 2017-05-16

    Application number: US14249747

    Filing date: 2014-04-10

    Inventor: Daavid Hentunen

    IPC classification: G06F11/00 H04L29/06 H04L29/12

    Abstract: Methods, apparatus, connection systems, and client devices are described. The apparatus receives a multiplicity of DNS query messages from multiple client devices. For each received DNS query message to a malware domain name or a particular domain name, the apparatus sends a marker DNS response message to the corresponding client device for use in detecting whether the client device is infected with malware or is accessing the particular domain name. The connection system receives a connection request from a client device of the multiple client devices for access to the communication network, and sends marker detection information to the client device for use in identifying whether the client device is marked as infected with malware or as accessing a particular domain name. It is determined whether the client device is infected with malware or has accessed the particular domain name. The client device may be blocked or granted access to the communication network.

Malicious object detection
    Type: Granted patent (in force)

    Publication number: US09591019B2

    Publication date: 2017-03-07

    Application number: US14068133

    Filing date: 2013-10-31

    Abstract: Malicious object detection is disclosed. An apparatus includes one or more processors, and one or more memories including computer program code. The one or more memories and the computer program code are configured to, with the one or more processors, cause the apparatus at least to perform: obtain image data; obtain association data relating to the image data; identify the image data as corresponding to an identified image among known reference images; and set reputation data of the association data as suspicious, if the association data does not match acceptable associations for the identified image.

Security method and apparatus
    Type: Granted patent (in force)

    Publication number: US09342694B2

    Publication date: 2016-05-17

    Application number: US14131004

    Filing date: 2011-07-06

    IPC classification: H04L29/00 G06F21/56 G06F21/57

    Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising: at least one processor; and at least one memory including executable instructions. The at least one memory and the executable instructions are configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: during the loading of an operating system, loading a boot time driver installed by an anti-virus application; reading master boot record data by the boot time driver as soon as the operating system is ready to handle the request for reading the master boot record data; analyzing the collected master boot record data to identify any malicious entities; and in the event that malicious entities are identified, controlling the behavior of the processing system in order to disable the malicious entity.

Malware Detection Method
    Type: Patent application (pending, published)

    Publication number: US20160112444A1

    Publication date: 2016-04-21

    Application number: US14886248

    Filing date: 2015-10-19

    IPC classification: H04L29/06

    Abstract: A method of detecting malware on a client computer, the method including generating a hash of an entity at the client computer, whereby the entity is suspected to be malware; sending the hash to a network server; considering the reputation of the hash at the network server by comparing the hash to a database of hashes of known reputation; returning the results of said considering to the client computer; and, if the reputation is not known at the server, sending instructions to the client computer for obtaining further information about the entity at the client computer, wherein said further information is obtained by executing code at the client computer that is sent by the server to the client computer after said considering the reputation, if said code is not stored at the client computer before said generating a hash.

Protecting multi-factor authentication
    Type: Granted patent (in force)

    Publication number: US09275228B2

    Publication date: 2016-03-01

    Application number: US14184845

    Filing date: 2014-02-20

    IPC classification: G06F9/00 G06F21/57 H04L29/06

    Abstract: Methods are detailed for online fraud prevention. In one approach, state information of a first and a second device is monitored, both of which are associated with one user. During a multi-factor authentication procedure which utilizes at least one of the first and the second devices for authorizing a transaction by an Internet domain, a security server participates in a supplemental security procedure which is conditional on the monitored state information. In another approach, the second device receives a message that is ostensibly related to multi-factor authorization by an Internet domain, and in response sends a query about state information of the first device. Based on the response to the query that indicates the state information, the second device performs a supplemental security procedure.