Method for emulating an executable code in order to detect maliciousness
    1.
    Granted invention patent
    Method for emulating an executable code in order to detect maliciousness (status: lapsed)

    Publication number: US07013483B2

    Publication date: 2006-03-14

    Application number: US10335871

    Application date: 2003-01-03

    IPC classification: H04L713/20

    CPC classification: G06F21/566

    Abstract: The present invention is directed to a method for emulating an executable code, whether it is a human-readable code (e.g., macro and script) or a compiled code (e.g. Windows executable). At the design time, one or more content attributes are defined for the variables of the code. A content attribute indicates a property with relevance to maliciousness, e.g. Windows directory, a random value, “.EXE” at the right of a string, etc. A content attribute may be implemented, for example, by a flag. Also defined at the design time, is a list of malicious states, where a malicious state comprises at least the combination of a call to a certain system function with certain content, as the calling parameter(s). When emulating an assignment instruction, the attributes of the assigned variable are set according to the assigned content. When emulating a mathematical operator, a content mathematics is also applied. When emulating a function call, the current state (i.e. the function identity and the calling content and values) is compared with the pre-defined malicious states, and if at least one malicious state corresponds, then the maliciousness of the code is determined.

    Method and system for indicating an executable as trojan horse
    2.
    Granted invention patent
    Method and system for indicating an executable as trojan horse (status: lapsed)

    Publication number: US07603614B2

    Publication date: 2009-10-13

    Application number: US10436047

    Application date: 2003-05-13

    IPC classification: G11C29/00

    CPC classification: G06F11/1004 G11C2029/0411

    Abstract: A method and system for indicating an executable as Trojan Horse, based on the CRC values of the routines of an executable. The method comprising a preliminary stage in which the CRC values of the routines of known Trojan Horses are gathered in a database, and a stage in which indicating an executable as Trojan Horse is carried out by the correspondence of the CRC values of the routines of said executable to the CRC values of the known Trojan Horses, as gathered in said database. The system comprising means for calculating the CRC values of routines; means for identifying the borders of the routines of an executable; a database system, for storing the CRC values of routines of known Trojan Horses; and means for determining the correspondence between two groups of CRC values, thereby enabling detection of the correspondence of an executable to at least one known Trojan Horse.

    Method and system for indicating an executable as trojan horse
    3.
    Invention patent application
    Method and system for indicating an executable as trojan horse (status: lapsed)

    Publication number: US20070226603A1

    Publication date: 2007-09-27

    Application number: US10436047

    Application date: 2003-05-13

    IPC classification: G11C29/00

    CPC classification: G06F11/1004 G11C2029/0411

    Abstract: A method and system for indicating an executable as Trojan Horse, based on the CRC values of the routines of an executable. The method comprising a preliminary stage in which the CRC values of the routines of known Trojan Horses are gathered in a database, and a stage in which indicating an executable as Trojan Horse is carried out by the correspondence of the CRC values of the routines of said executable to the CRC values of the known Trojan Horses, as gathered in said database. The system comprising means for calculating the CRC values of routines; means for identifying the borders of the routines of an executable; a database system, for storing the CRC values of routines of known Trojan Horses; and means for determining the correspondence between two groups of CRC values, thereby enabling detection of the correspondence of an executable to at least one known Trojan Horse.

    Method for preventing activation of malicious objects
    4.
    Invention patent application
    Method for preventing activation of malicious objects (status: in force)

    Publication number: US20050235160A1

    Publication date: 2005-10-20

    Application number: US10826503

    Application date: 2004-04-19

    IPC classification: G06F7/00 H04L29/06

    Abstract: A method for preventing activating a malicious object passing through a checkpoint, and decreasing the overall inspection delay thereof, the method comprising the steps of: (a) at the checkpoint, creating an envelope file, being an executable file comprising: the object; code for extracting the object from the envelope file; and an indicator for indicating the integrity of the object; (b) forwarding the envelope file instead of the object toward its destination, while holding at least a part of the envelope file which comprises the indicator; (c) inspecting the object; and (d) setting the indicator on the envelope file to indicate the inspection result thereof, and releasing the rest of the envelope file.

    Method and system for preventing exploiting an email message
    5.
    Invention patent application
    Method and system for preventing exploiting an email message (status: under examination, published)

    Publication number: US20050081057A1

    Publication date: 2005-04-14

    Application number: US10681904

    Application date: 2003-10-10

    Abstract: The present invention relates to a method for preventing exploiting an email message and a system thereof. The method comprising: decomposing the email message to its components; for each of the components, correcting the structural form (e.g. structure, format, and content) of the component to comply with common rules thereof whenever the structural form of the component deviates from the rules; and recomposing the email message from its components (in their recent state). The rules relate to email messages structure, for preventing malformed structure of email messages, for preventing exploiting an email message, etc. In case where the structural form of the component cannot be identified, the component may not be included within the recomposed email message, or included as is to the recomposed email message.

    Method for preventing activation of malicious objects
    6.
    Granted invention patent
    Method for preventing activation of malicious objects (status: in force)

    Publication number: US07386884B2

    Publication date: 2008-06-10

    Application number: US10826503

    Application date: 2004-04-19

    IPC classification: G06F12/14

    Abstract: A method for preventing activating a malicious object passing through a checkpoint, and decreasing the overall inspection delay thereof, the method comprising the steps of: (a) at the checkpoint, creating an envelope file, being an executable file comprising: the object; code for extracting the object from the envelope file; and an indicator for indicating the integrity of the object; (b) forwarding the envelope file instead of the object toward its destination, while holding at least a part of the envelope file which comprises the indicator; (c) inspecting the object; and (d) setting the indicator on the envelope file to indicate the inspection result thereof, and releasing the rest of the envelope file.

    Method for protecting a computer from suspicious objects
    7.
    Invention patent application
    Method for protecting a computer from suspicious objects (status: under examination, published)

    Publication number: US20060010495A1

    Publication date: 2006-01-12

    Application number: US10883676

    Application date: 2004-07-06

    IPC classification: G06F11/00

    CPC classification: H04L63/1441 G06F21/56

    Abstract: In an inspection facility (e.g. at a gateway server, at a proxy server, at a firewall to a network, at an entrance to a local area network or even at the user's computer) connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects (e.g. a file, an executable, a Web page, an email message, etc.), the method comprising the steps of: inspecting an object; upon determining the object as suspicious, holding the object in quarantine (e.g. preventing from the object to be forwarded to its destination) for a time period, thereby enabling the inspection facility to be updated during the time period by the anti-virus center; upon ending of the time period, re-inspecting the object, thereby inspecting the object by updated inspection tests; and upon determining the object as malicious by the re-inspection, blocking the object, otherwise forwarding the object toward its destination.

    Method and system for identifying and blocking spam email messages at an inspecting point
    8.
    Invention patent application
    Method and system for identifying and blocking spam email messages at an inspecting point (status: under examination, published)

    Publication number: US20060075048A1

    Publication date: 2006-04-06

    Application number: US11004942

    Application date: 2004-12-07

    IPC classification: G06F15/16

    CPC classification: H04L51/12

    Abstract: In one aspect, the present invention is directed to a method for identifying and blocking spam email messages at an inspecting point, the method comprises the steps of: measuring the flow rate of email messages sent from an originator through the inspecting point; and if the measured flow rate exceeds a given threshold, email messages transmitted from the originator are classified as spam and/or the originator is classified as a spammer. In another aspect, the present invention is directed to a system for identifying and blocking spam email messages at an inspecting point, the system comprising: a spam detector, for classifying an email message as spam-suspected; a flow rate calculator, for calculating a flow rate of spam-suspected email messages that have reached the inspecting point; a spam indicator, for classifying spam-suspected email messages as spam by their flow rate and a threshold thereof.

    USB key apparatus for interacting with a USB host via a USB port
    9.
    Granted invention patent
    USB key apparatus for interacting with a USB host via a USB port (status: in force)

    Publication number: US06763399B2

    Publication date: 2004-07-13

    Application number: US10126520

    Application date: 2002-04-22

    IPC classification: G06F100

    Abstract: A smart card—host system that operates without the intermediation of a smart card reader. The smart card—host system comprises a host, which has a USB interface, and a portable device, which provides smart card function(s). The portable device has a smart card chip for performing the smart card function(s); a USB interface for connecting the portable device with the host via USB protocol; and a microprocessor for controlling the transfer of data between the USB interface and the smart card chip, for converting data from a USB format to the format of the smart card chip and for converting data from the format of the smart card chip to a USB format.

    Cable apparatus
    10.
    Granted invention patent
    Cable apparatus (status: in force)

    Publication number: US06554621B1

    Publication date: 2003-04-29

    Application number: US09616669

    Application date: 2000-07-14

    IPC classification: H01R1360

    CPC classification: H01R13/60 H01R13/72

    Abstract: This invention discloses a cable apparatus for use in conjunction with a computer system having a first socket disposed in the rear thereof in order to accommodate at least one cable without occupying a workspace of a user of the computer system, and a frequently disconnected peripheral unit which includes a second socket via which a peripheral unit is frequently connected to the computer system and frequently disconnected therefrom, the cable apparatus including a cable, at a first end of the cable, a third socket mating with the first socket, and at a second end of the cable, the cable includes a fourth socket mating with the second socket and a cable end adherent operative to attach the second end of the cable to a user-selected surface within the workspace.
