Protecting a computer that provides a Web service from malware

US 20060242709A1
Filed: 04/21/2005
Published: 10/26/2006
Est. Priority Date: 04/21/2005
Status: Active Grant

First Claim

Patent Images

1. In a networking environment that includes a requester computer and a computer that provides a Web service, a method of protecting the computer that provides the Web service from malware generated by the requestor computer, the method comprising:

(a) receiving a request at the computer that provides the Web service;

(b) scanning the high-level code in the request for malware; and

(c) if malware is identified in the high-level data, preventing the request from being processed by the computer that provides the Web service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. When a request is received, an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed. However, before the code is executed, antivirus software designed to identify malware scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code associated with the request from being executed.

Citations

20 Claims

1. In a networking environment that includes a requester computer and a computer that provides a Web service, a method of protecting the computer that provides the Web service from malware generated by the requestor computer, the method comprising:
- (a) receiving a request at the computer that provides the Web service;
  
  (b) scanning the high-level code in the request for malware; and
  
  (c) if malware is identified in the high-level data, preventing the request from being processed by the computer that provides the Web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, further comprising:
    - (a) causing high-level code associated with the request to be compiled into binary code that may be executed;
      
      (b) scanning the binary code for malware before the binary code is executed; and
      
      (c) if malware is identified in the binary code, preventing the binary code from being executed.
  - 3. The method as recited in claim 2, further comprising, if malware is not identified in the binary code allowing the binary code to be executed.
  - 4. The method as recited in claim 2, wherein the request is compiled into binary code in a filter on the Web service computer that determines whether the request is malware prior to being processed by software routines that implement the Web service.
  - 5. The method as recited in claim 4, wherein the filter is an Internet Server Application Program Interface filter that includes:
    - (a) a compiler that causes high-level code associated with the request to be compiled into the binary code; and
      
      (b) antivirus software that scans the binary code for malware before the binary code is executed.
  - 6. The method as recited in claim 2, wherein high-level code associated with the request is compiled into binary code by a demand compilation system that is configured to compile the binary code immediately prior to execution.
  - 7. The method as recited in claim 6, wherein the on-demand compilation system is configured to notify antivirus software when the binary code is scheduled to be executed.
  - 8. The method as recited in claim 2, wherein the high-level code associated with the request that is compiled into binary code is in the Extensible Style Sheet programming language.
  - 9. The method as recited in claim 2, wherein scanning the binary code for malware includes generating a signature of the binary code using a hash function and comparing the signature to signatures generated from known malware.
  - 10. The method as recited in claim 2, wherein scanning the binary code for malware includes identifying heuristic factors in the binary code that are characteristic of malware.
  - 11. The method as recited in claim 10, wherein a heuristic factor identified is the type of calls made by the binary code to the operating system installed on the computer that provides the Web service.
  - 12. The method as recited in claim 1, wherein the request is transmitted between the requestor computer and the computer that provides the Web service using the Hypertext Transfer Protocol.
  - 13. The method as recited in claim 1, wherein the request is formatted to comply with the Extensible Markup Language protocol.

14. A software system that prevents malware from being executed on a computer that provides a Web service, the software system comprising:
- (a) an interface that accepts a Web service request;
  
  (b) an on-demand compilation system that compiles high-level code associated with the request into binary code;
  
  (c) an execution environment operative to execute binary code compiled by the on-demand compilation system; and
  
  (d) antivirus software for identifying malware in the binary code.
- View Dependent Claims (15, 16, 17)
- - 15. The software system as recited in claim 14, wherein the antivirus software is configured to identify a malware signature in high-level XML code that is designed to use an excessive amount of computer resources.
  - 16. The software system as recited in claim 14, wherein the antivirus software includes a signature database that stores signatures of known malware for access by the scan engine.
  - 17. The software system as recited in claim 14, wherein the on-demand compilation system compiles high-level code into binary code only when the functionality of the binary code is needed;
    - and wherein the on-demand compilation system is further configured to notify the antivirus software when the binary code is scheduled to be executed.

18. A computer-readable medium bearing computer-executable instructions that, when executed on a computer that provides a Web service, causes the computer to:
- (a) accept a request in the Extensible Markup Language format that is transmitted from a remote computer using the Hypertext Transfer Protocol;
  
  (b) cause high-level code associated with the request to be scanned for high level constructs that are associated with malware;
  
  (c) compile the high-level code into binary code; and
  
  (d) cause the binary code to be scanned for malware.
- View Dependent Claims (19, 20)
- - 19. The computer-readable medium as recited in claim 18, wherein the computer-readable medium is further operative to cause the computer to:
    - (a) if malware is identified, prevent the binary code from being executed; and
      
      (b) conversely, if malware is not identified, allow the binary code to be executed.
  - 20. The computer-readable medium as recited in claim 18, wherein performing the scan of binary code for malware includes identifying heuristic factors in the binary code that are characteristic of malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Marinescu, Adrian M., Kramer, Michael, Kaufman, Charles W., Seinfeld, Marc E., Cooperstein, Jeffrey M.

Granted Patent

US 7,603,712 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

H04L 63/1408   by monitoring network traff...

H04L 63/168   above the transport layer

Protecting a computer that provides a Web service from malware

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting a computer that provides a Web service from malware

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links