Publication number: US07627898B2
Publication date: 2009-12-01
Application number: US10997768
Application date: 2004-11-23
Applicant: Douglas Reed Beck, Aaron Roy Johnson, Roussi A. Roussev, Chad E. Verbowski, Binh Dou Vo, Yi-Min Wang
Inventor: Douglas Reed Beck, Aaron Roy Johnson, Roussi A. Roussev, Chad E. Verbowski, Binh Dou Vo, Yi-Min Wang
IPC classification: G08B23/00
CPC classification: G06F21/565
Abstract: A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.