Systems and methods for identifying sources of malware

US 20070016951A1
Filed: 07/13/2005
Published: 01/18/2007
Est. Priority Date: 07/13/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method of managing malware, comprising:

detecting malware on a protected computer;

collecting information from a history log of the protected computer; and

directing the protected computer to convey the information to a host computer, such that the information can be used to identify a source of the malware.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for identifying sources of malware are described. In one embodiment, a system includes a malware detection module configured to determine that a protected computer includes malware. The system also includes a history log module configured to access a history log of the protected computer to identify a set of potential sources of the malware.

401 Citations

17 Claims

1. A computer-implemented method of managing malware, comprising:
- detecting malware on a protected computer;
  
  collecting information from a history log of the protected computer; and
  
  directing the protected computer to convey the information to a host computer, such that the information can be used to identify a source of the malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the detecting the malware includes scanning files of the protected computer to detect the malware in one of the files.
  - 3. The computer-implemented method of claim 1, wherein the detecting the malware includes monitoring the protected computer for activity that is indicative of the malware on the protected computer.
  - 4. The computer-implemented method of claim 1, wherein the collecting the information includes identifying an application program used to access the malware and collecting the information from the application program'"'"'s history log.
  - 5. The computer-implemented method of claim 1, wherein the collecting the information includes collecting the n most recently recorded entries in the history log, and n is an integer that is at least one.
  - 6. The computer-implemented method of claim 1, wherein the history log corresponds to a Web browser'"'"'s history log, the collecting the information includes identifying the n most recently recorded Web addresses in the Web browser'"'"'s history log, and n is an integer that is at least one.
  - 7. The computer-implemented method of claim 6, wherein the information can be used to identify one of the Web addresses as being associated with the source of the malware.

8. A computer-readable medium comprising executable instructions to:
- detect a presence of malware that is downloaded using a Web browser;
  
  access the Web browser'"'"'s history log to identify a set of Web sites; and
  
  report that the set of Web sites include a potential malware distribution site.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer-readable medium of claim 8, wherein the executable instructions to detect the presence of the malware include executable instructions to detect the presence of the malware based on a set of malware definitions.
  - 10. The computer-readable medium of claim 8, wherein the set of Web sites correspond to the n most recently visited Web sites, and n is an integer that is at least one.
  - 11. The computer-readable medium of claim 8, wherein the executable instructions to access the Web browser'"'"'s history log include executable instructions to access the Web browser'"'"'s history log to identify a set of Web addresses associated with the set of Web sites.
  - 12. The computer-readable medium of claim 11, wherein the set of Web addresses correspond to a set of Uniform Resource Locators associated with the set of Web sites.

13. A system of managing malware, comprising:
- a malware detection module configured to determine that a protected computer includes malware; and
  
  a history log module configured to access a history log of the protected computer to identify a set of potential sources of the malware.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the history log corresponds to a Web browser'"'"'s history log.
  - 15. The system of claim 14, wherein the history log module is configured to access the Web browser'"'"'s history log to identify the n most recently visited Web sites, and n is an integer that is at least one.
  - 16. The system of claim 14, wherein the history log module is configured to access the Web browser'"'"'s history log to identify the n most recently recorded Web addresses, and n is an integer that is at least one.
  - 17. The system of claim 13, further comprising:
    - a reporting module configured to report the set of potential sources of the malware to a host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Webroot Software Incorporated (Open Text Corporation)
Original Assignee
Webroot Software Incorporated (Open Text Corporation)
Inventors
Piccard, Paul, Greene, Michael

Application Number

US11/180,161
Publication Number

US 20070016951A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/552 involving long-term monitor...

Systems and methods for identifying sources of malware

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

401 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for identifying sources of malware

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

401 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others