System and method for actively operating malware to generate a definition
Abstract
A system and method for managing malware is described. One embodiment includes the steps of recording the original configuration information for an active browser system; operating potential malware on the active browser system; recording changes to the original configuration information; determining whether the changes to the original configuration information indicate that the potential malware is malware; and generating a definition for the malware.
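The record, operate, diff and decide sequence from the abstract can be sketched as follows. This is an added example, not code from the patent: the snapshot layout (a flat mapping of registry, file and cookie keys), the watch list used as the decision rule, the definition format and all sample values are assumptions constructed for illustration.

```python
import hashlib
import json

# Assumed decision rule: a change under one of these locations marks the sample as malware.
WATCHED_PREFIXES = (
    r"registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"registry:HKCU\Software\Microsoft\Internet Explorer\Main",
)

# Constructed snapshots of the browser system before and after operating the sample.
BASELINE = {
    r"registry:HKCU\Software\Microsoft\Internet Explorer\Main\Start Page": "about:blank",
    r"file:C:\Users\lab\AppData\Local\Temp\session.tmp": "sha256:aaaa",
}
AFTER_RUN = {
    r"registry:HKCU\Software\Microsoft\Internet Explorer\Main\Start Page": "http://search.example.invalid/",
    r"registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater": r"C:\Users\lab\updater.exe",
    r"file:C:\Users\lab\AppData\Local\Temp\session.tmp": "sha256:bbbb",
    "cookie:tracker.example.invalid": "id=1",
}

def diff_config(before, after):
    """Record every added, removed or modified entry between two snapshots."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            changes.append({"kind": kind, "key": key, "old": old, "new": new})
    return changes

def generate_definition(source, changes):
    """Return a definition if the changes hit a watched location, else None."""
    hits = [c for c in changes if c["key"].startswith(WATCHED_PREFIXES)]
    if not hits:
        return None  # routine noise (temp files, cookies) yields no definition
    indicators = [{"key": c["key"], "kind": c["kind"], "value": c["new"]} for c in hits]
    digest = hashlib.sha256(json.dumps(indicators, sort_keys=True).encode()).hexdigest()
    return {"id": digest[:16], "source": source, "indicators": indicators}

if __name__ == "__main__":
    print(json.dumps(generate_definition("sample-001", diff_config(BASELINE, AFTER_RUN)), indent=2))
```

Only the two registry changes end up in the definition; the temp-file and cookie changes are recorded by the diff but do not trigger the assumed rule.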
14 Claims
1. A method for generating a definition for malware, the method comprising:
- recording the original configuration information for an active browser system;
- operating potential malware on the active browser system;
- recording changes to the original configuration information, the changes resulting from operating the potential malware on the active browser system;
- determining whether the changes to the original configuration information indicate that the potential malware is malware; and
- responsive to determining that the changes indicate that the potential malware is malware, generating a definition for the malware;
- whereby the definition can be provided to protected system to prevent malware activity.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A method for generating a definition for malware, the method comprising:
- recording original configuration information for an active browser system;
- downloading content from a Web site, the content including a button-click event that can run a function, running the function corresponding to the button-click event on the active browser system;
- recording changes to the original configuration information, the changes resulting from running the function on the active browser system;
- determining whether the changes to the original configuration information indicate that the potential malware is malware; and
- generating a definition for the potential malware, the definition including an indication of the function that corresponds to the button-click event.

(Dependent claims: 12)

13. A method for generating a definition for malware, the method comprising:
- recording original configuration information for an active browser system;
- downloading content from a Web site, the content including a script, executing the script;
- recording changes to the original configuration information that are the result of executing the script;
- determining whether the changes indicate that the potential malware is malware; and
- generating a definition for the potential malware, the definition including an indication of the script.

14. A method for generating a definition for malware, the method comprising:
- recording original configuration information for an active browser system;
- downloading content from a Web site, the content including a script, executing the script;
- receiving new content responsive to executing the script, wherein the new content includes a URL; and
- adding the URL to a URL database.

Specification