Systems and methods for automatically detecting and preventing phishing attacks
    1.
    Granted invention patent (in force)

    Publication No.: US08776196B1

    Publication date: 2014-07-08

    Application No.: US13557051

    Filing date: 2012-07-24

    CPC classification: H04L63/1483 H04L63/1408

    Abstract: A computer-implemented method for automatically detecting and preventing phishing attacks may include (1) maintaining a credentials store for a user of the computing device that identifies both at least one known-legitimate website and credentials associated with the known-legitimate website, (2) detecting an attempt by the user to enter the same credentials that are associated with the known-legitimate website into a new website that is not associated with the credentials in the credentials store, and then, prior to allowing the credentials to pass to the new website, (3) automatically warning the user that the new website potentially represents an attempt to phish the credentials associated with the known-legitimate website from the user. Various other methods, systems, and computer-readable media are also disclosed.


    Systems and methods for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions
    2.
    Granted invention patent (in force)

    Publication No.: US08627463B1

    Publication date: 2014-01-07

    Application No.: US12880581

    Filing date: 2010-09-13

    IPC classification: G06F11/00

    Abstract: A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.


    Systems and methods for restoring applications

    Publication No.: US09733929B1

    Publication date: 2017-08-15

    Application No.: US12839615

    Filing date: 2010-07-20

    IPC classification: G06F9/44

    Abstract: A method for restoring applications may include: 1) identifying an installation file that includes an application; 2) monitoring the installation file to identify a set of application files generated as a result of installing the application from the installation file; 3) assigning, to each application file in the set of application files, an application identifier that associates each application file in the set of application files with the application; 4) backing up the application by copying each application file in the set of application files to a backup storage system; 5) receiving a request to restore each application file in the set of application files; and 6) restoring the application by using the application identifier to locate each application file in the set of application files within the backup storage system. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for user-directed malware remediation
    4.
    Granted invention patent (in force)

    Publication No.: US08904538B1

    Publication date: 2014-12-02

    Application No.: US13419360

    Filing date: 2012-03-13

    IPC classification: G06F21/00 G06F21/56

    Abstract: A computer-implemented method for user-directed malware remediation may include 1) identifying a window within a graphical user interface of a computing environment, 2) identifying a user-directed interface event directed at the window, 3) determining, based at least in part on the user-directed interface event, that a process represented by the window poses a security risk, and 4) performing a remediation action on the process based on determining that the process poses the security risk. Various other methods, systems, and computer-readable media are also disclosed.


    Systems and methods for using tiered signing certificates to manage the behavior of executables
    5.
    Granted invention patent (in force)

    Publication No.: US08844024B1

    Publication date: 2014-09-23

    Application No.: US12408950

    Filing date: 2009-03-23

    IPC classification: G06F21/00 G06F21/44

    CPC classification: G06F21/44 G06F21/53

    Abstract: Computer-implemented methods and systems for using tiered signing certificates to manage the behavior of executables are disclosed. In one example, a method for performing such a task may include: 1) identifying an executable file, 2) identifying a signing certificate associated with the executable file, 3) identifying, within the signing certificate, a privilege level associated with the executable file, and then 4) managing behavior of the executable file in accordance with the privilege level associated with the executable file. Corresponding methods and systems for generating tiered signing certificates for executable files are also disclosed.


    Signature creation for malicious network traffic
    6.
    Granted invention patent (in force)

    Publication No.: US08782790B1

    Publication date: 2014-07-15

    Application No.: US12709432

    Filing date: 2010-02-19

    IPC classification: H04L29/06

    CPC classification: H04L63/1441 H04L63/1416

    Abstract: An endpoint on a network uses detection data to detect a malicious software attack. The endpoint identifies content associated with the attack, such as a component of a web page, and generates a description of the content. The endpoint sends the description to a security server. The security server analyzes the content and identifies characteristics of the content that are present when the content is carried by network traffic. The security server generates a traffic signature that specifies the identified characteristics and provides the traffic signature to inspection points. The inspection points, in turn, use the traffic signature to examine network traffic passing through the inspection points to detect network traffic carrying the content. The attack detection at the endpoint thus informs the traffic signature-based detection at the inspection points and reduces the spread of malicious software.


    Systems and methods for locating malware
    7.
    Granted invention patent (in force)

    Publication No.: US08621632B1

    Publication date: 2013-12-31

    Application No.: US12470312

    Filing date: 2009-05-21

    IPC classification: H04L29/06

    CPC classification: G06F21/566 H04L63/1425

    Abstract: A computer-implemented method for locating malware may include identifying a malicious behavior in a computing system. The computer-implemented method may also include determining that the malicious behavior arises from a set of interrelated executable objects. The computer-implemented method may further include identifying an executable object recently added to the set of interrelated executable objects. The computer-implemented method may additionally include attributing the malicious behavior to the recently added executable object based on when the recently added executable object was added to the set of interrelated executable objects. The computer-implemented method may also include performing a security action on the recently added executable object. Various other methods, systems, and computer-readable media are also disclosed.


    Systems and methods for updating parental-control settings
    8.
    Granted invention patent (in force)

    Publication No.: US08418223B1

    Publication date: 2013-04-09

    Application No.: US12838938

    Filing date: 2010-07-19

    IPC classification: G06F17/00 G06F15/16

    CPC classification: G09B7/02

    Abstract: A computer-implemented method may include establishing, within a parental-control software system, an academic-performance policy that defines how academic performance of a student affects at least one parental-control setting enforced on a computing system accessible to the student. The computer-implemented method may also include receiving, via an electronic communication from a school of the student, grade information that indicates the student's academic performance. The computer-implemented method may further include applying the academic-performance policy by updating the parental-control setting commensurate with the student's academic performance. In addition, the computer-implemented method may include detecting an attempt by the student to access a resource of the computing system and applying the updated parental-control setting to control the student's access to the resource of the computing system.


    Systems and methods for using reputation data to detect packed malware
    9.
    Granted invention patent (in force)

    Publication No.: US08336100B1

    Publication date: 2012-12-18

    Application No.: US12545527

    Filing date: 2009-08-21

    IPC classification: G06F21/00

    CPC classification: G06F21/577

    Abstract: A computer-implemented method for using reputation data to detect packed malware may include: 1) identifying a file downloaded from a portal, 2) determining that the file has been packed, 3) obtaining community-based reputation data for the file, 4) determining, by analyzing the reputation data, that instances of the file have been encountered infrequently (or have never been encountered) within the community, and then 5) performing a security operation on the file (by, for example, quarantining or deleting the file).


    Systems and methods for detecting fraudulent software applications that generate misleading notifications
    10.
    Granted invention patent (in force)

    Publication No.: US09152790B1

    Publication date: 2015-10-06

    Application No.: US12470213

    Filing date: 2009-05-21

    IPC classification: G06F21/56

    CPC classification: G06F21/566 G06F21/554

    Abstract: A computer-implemented method for detecting fraudulent software applications that generate misleading notifications is disclosed. In one example, such a method may comprise: 1) detecting a notification generated by an application installed on the computing device, 2) accessing criteria for determining, based at least in part on characteristics of the notification, whether the application is trustworthy, 3) determining, by applying the criteria, that the application is untrustworthy, and then 4) performing a security operation on the application. Corresponding systems and computer-readable media are also disclosed.
