-
Publication number: US08166113B2
Publication date: 2012-04-24
Application number: US11461984
Application date: 2006-08-02
IPC classification: G06F15/16
CPC classification: H04L51/12
Abstract: An electronic mail message (EMM) addressed to a distribution list of an enterprise is received at a server of the enterprise from a sending address outside of the enterprise. If the distribution list has no external addresses, then the EMM is blocked from being delivered to the distribution list. In an embodiment, if the distribution list has an external address and the sending address is identified in a safe sender list corresponding to the distribution list, then the EMM is delivered to the distribution list. In an embodiment, if the distribution list has an external address, the sending address is not in a safe sender list corresponding to the distribution list, and the content of the message is approved, then the EMM is delivered to the distribution list.
-
Publication number: US07757290B2
Publication date: 2010-07-13
Application number: US11344360
Application date: 2006-01-30
Applicant: Mihai Costea, Yun Lin
Inventor: Mihai Costea, Yun Lin
CPC classification: G06F21/567
Abstract: A method, apparatus, and computer readable medium are provided by aspects of the present invention to determine whether a malware is resident on a host computer. In one embodiment, a method determines whether data that is characteristic of malware is loaded in the system memory of a host computer. More specifically, the method includes causing a device communicatively connected to a host computer to issue a request to obtain data loaded in the system memory. Then, when the requested data is received, a determination is made regarding whether the data is characteristic of malware. Since the method causes data to be obtained directly from system memory without relying on software services on the host computer, malware that employs certain stealth techniques will be identified.
-
Publication number: US07571482B2
Publication date: 2009-08-04
Application number: US11170792
Application date: 2005-06-28
Applicant: Alexey A. Polyakov, Gretchen L. Loihle, Mihai Costea, Robert J. Hensing, Jr., Scott A. Field, Vincent R. Orgovan, Yi-Min Wang, Yun Lin
Inventor: Alexey A. Polyakov, Gretchen L. Loihle, Mihai Costea, Robert J. Hensing, Jr., Scott A. Field, Vincent R. Orgovan, Yi-Min Wang, Yun Lin
CPC classification: G06F21/566
Abstract: Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.
-
Publication number: US20080034042A1
Publication date: 2008-02-07
Application number: US11461984
Application date: 2006-08-02
IPC classification: G06F15/16
CPC classification: H04L51/12
Abstract: An electronic mail message (EMM) addressed to a distribution list of an enterprise is received at a server of the enterprise from a sending address outside of the enterprise. If the distribution list has no external addresses, then the EMM is blocked from being delivered to the distribution list. In an embodiment, if the distribution list has an external address and the sending address is identified in a safe sender list corresponding to the distribution list, then the EMM is delivered to the distribution list. In an embodiment, if the distribution list has an external address, the sending address is not in a safe sender list corresponding to the distribution list, and the content of the message is approved, then the EMM is delivered to the distribution list.
-
Publication number: US20070033434A1
Publication date: 2007-02-08
Application number: US11199474
Application date: 2005-08-08
Applicant: Mihai Costea
Inventor: Mihai Costea
IPC classification: G06F11/00
CPC classification: G06F9/3885, G06F9/3897, G06F21/577
Abstract: Change management of data processing paths by tentatively trying proposed alternative data processing path(s) without first giving up the existing processing path. If the alternative data processing path(s) does not give a more satisfactory result than the existing processing path, the existing processing path may be returned to. On the other hand, if any of the alternative processing path(s) do give a more satisfactory result, the alternative processing path may become permanent. The processing may be substantially automated.
-
Publication number: US20060294592A1
Publication date: 2006-12-28
Application number: US11170792
Application date: 2005-06-28
Applicant: Alexey Polyakov, Gretchen Loihle, Mihai Costea, Robert Hensing, Scott Field, Vincent Orgovan, Yi-Min Wang, Yun Lin
Inventor: Alexey Polyakov, Gretchen Loihle, Mihai Costea, Robert Hensing, Scott Field, Vincent Orgovan, Yi-Min Wang, Yun Lin
IPC classification: G06F12/14
CPC classification: G06F21/566
Abstract: Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.
-
Publication number: US20060174344A1
Publication date: 2006-08-03
Application number: US11047810
Application date: 2005-01-31
Applicant: Mihai Costea, Adrian Marinescu, Anil Thomas
Inventor: Mihai Costea, Adrian Marinescu, Anil Thomas
IPC classification: G06F12/14
CPC classification: G06F21/564
Abstract: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
-
Publication number: US20060095964A1
Publication date: 2006-05-04
Application number: US10976567
Application date: 2004-10-29
Applicant: Mihai Costea
Inventor: Mihai Costea
IPC classification: G06F12/14
CPC classification: G06F21/562, G06F21/56
Abstract: A stamp is created and associated with a computer file. The stamp includes the address locations of data in the file that may be infiltrated by computer related viruses and/or malware. Using this stamp, an anti-virus program can identify the specific parts of the file that should be scanned for virus infection. Other data in the file are ignored during the scanning process.
-
Publication number: US20050172339A1
Publication date: 2005-08-04
Application number: US10769106
Application date: 2004-01-30
Applicant: Mihai Costea, Michael Sheldon, Zeke Odins-Lucas, Marc Seinfeld
Inventor: Mihai Costea, Michael Sheldon, Zeke Odins-Lucas, Marc Seinfeld
IPC classification: G06F21/22, G06F9/44, G06F9/445, G06F15/16, G06F17/30, G06F21/00, H04L12/58, H04L29/06, H04L29/08, H04L9/32
CPC classification: G06F21/563, H04L51/00, H04L63/145
Abstract: Detection of code-free files is described. According to one implementation, an input file is parsed to recognize a file format. Contents of the input file are checked according to the recognized file format, if available, in an effort to determine whether executable code might exist within the input file. A status is then sent in response to the checking.
-
Publication number: US20050171982A1
Publication date: 2005-08-04
Application number: US11095203
Application date: 2005-03-31
Applicant: Vinay Deo, Mihai Costea, Mahesh Lotlikar, Tak Lung, David Milstein, Gilad Odinak
Inventor: Vinay Deo, Mihai Costea, Mahesh Lotlikar, Tak Lung, David Milstein, Gilad Odinak
CPC classification: G07F7/1008, G06F17/30067, G06Q20/341, G06Q20/3576, Y10S707/99956
Abstract: An integrated circuit (IC) module allows volatile data generated by applications to be stored within volatile data files in the volatile memory. A file system tracks the location of all data files as residing in either volatile memory or nonvolatile memory and facilitates access to the volatile data files in volatile memory in a similar manner to accessing nonvolatile data files in nonvolatile memory. The file system exposes a set of application program interfaces (APIs) to allow applications to access the data files. The same APIs are used to access both volatile data files and nonvolatile data files. When an application requests access to a data file, the file system initially determines whether the application is authorized to gain access to the data file. If it is, the file system next determines whether the data file resides in volatile memory or nonvolatile memory. Once the memory region is identified, the file system identifies the physical location of the data file.