Behavior based signatures
    1.
    Granted invention patent
    Behavior based signatures (in force)

    Publication (announcement) number: US08701192B1

    Publication (announcement) date: 2014-04-15

    Application number: US12495127

    Filing date: 2009-06-30

    IPC classification: G06F21/00

    CPC classification: G06F21/566

    Abstract: Behavior based signatures for identifying applications are generated. An application is monitored as it runs. Specific behaviors concerning the execution of the application are detected, and a behavior based signature representing detected behaviors is created, such that the behavior based signature can be used subsequently to identify instances of the application. Behavior based signatures identifying known malicious and/or non-malicious applications can be used to determine whether other applications comprise malware. To do so, a running application is monitored, and specific behaviors concerning the execution of the application are detected. The detected behaviors are compared to one or more behavior based signatures. Responsive to whether the detected behaviors match a behavior based signature, it can be determined whether the application comprises malware. An additional malware detection test, such as a heuristic analysis, can also be performed and used in determining whether the application comprises malware.


    Method and apparatus for detecting malicious software transmission through a web portal
    2.
    Granted invention patent
    Method and apparatus for detecting malicious software transmission through a web portal (in force)

    Publication (announcement) number: US09350755B1

    Publication (announcement) date: 2016-05-24

    Application number: US12407905

    Filing date: 2009-03-20

    IPC classification: H04L29/06

    CPC classification: H04L63/145 G06F21/552

    Abstract: A method and apparatus for detecting malware transmission through a web portal is provided. In one embodiment, a method for detecting malicious software transmission through the web portal comprises accessing a security scan history that comprises information regarding a plurality of executables that are scanned upon executable creation and comparing current executable creation activity with the security scan history to identify at least one executable that is not scanned.


    Method and apparatus for detecting potentially misleading visual representation objects to secure a computer
    3.
    Granted invention patent
    Method and apparatus for detecting potentially misleading visual representation objects to secure a computer (in force)

    Publication (announcement) number: US08566950B1

    Publication (announcement) date: 2013-10-22

    Application number: US12705867

    Filing date: 2010-02-15

    IPC classification: G06F21/00

    CPC classification: G06F21/57

    Abstract: A method and apparatus for detecting potentially misleading visual representation objects to secure a computer is described. In one embodiment, the method includes monitoring visual representation object creation with respect to the browser, accessing verification information, wherein the verification information comprises commonly used user interface elements for forming legitimate system messages, examining web data associated with the created visual representation objects, wherein the web data is compared with the verification information to identify imitating content within the created visual representation objects and modifying at least one of the created visual representation objects to accentuate the imitating content.


    Method and apparatus for securing a computer from malicious threats through generic remediation
    4.
    Granted invention patent
    Method and apparatus for securing a computer from malicious threats through generic remediation (in force)

    Publication (announcement) number: US08549626B1

    Publication (announcement) date: 2013-10-01

    Application number: US12407903

    Filing date: 2009-03-20

    IPC classification: G06F21/00

    Abstract: A method and apparatus for securing a computer from malicious threats through generic remediation is described. In one embodiment, the method for securing a computer from malicious threats through generic remediation includes processing at least one malicious threat to the computer, wherein the at least one malicious threat is not associated with a specific remediation technique and examining information regarding prior remediation of the at least one malicious threat by at least one computer to determine at least one remediation technique for the at least one malicious threat.
