SYSTEM AND METHOD FOR DEFINING AND DETECTING PESTWARE WITH FUNCTION PARAMETERS
Abstract
A system and method for defining and detecting pestware is described. In one embodiment, a pestware file is received and at least a portion of the pestware file is placed into a processor-readable memory. A plurality of execution paths within code of the pestware file are followed and for each of a plurality of selected function calls within the execution paths of the pestware file, at least one parameter from each of the function calls is retrieved so as to obtain a plurality of parameters. A representation of each of the parameters is then stored in a processor-readable pestware-definition file, which is sent to a plurality of client devices.
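The flow in the abstract, as an added Python sketch (not code from the patent): a constructed toy instruction list stands in for the file's code, and every potential branch is followed without executing anything. The `SELECTED` set, the hash representation and the match threshold are assumptions made for illustration.

```python
import hashlib

SELECTED = {"connect", "CreateFile", "RegSetValue"}   # hypothetical "selected" calls

def represent(func, arg):
    """One parameter's stored representation: a hash (an assumption, not the patent's)."""
    return hashlib.sha256(f"{func}\0{arg}".encode()).hexdigest()

def extract_parameters(code):
    """Follow every potential path through `code`; collect selected-call parameters."""
    found, seen = set(), set()
    work = [(0, ())]                       # (program counter, simulated argument stack)
    while work:
        pc, stack = work.pop()
        if pc >= len(code) or (pc, stack) in seen:
            continue                       # ran off the end, or state already explored
        seen.add((pc, stack))
        op, *args = code[pc]
        if op == "push":
            work.append((pc + 1, stack + (args[0],)))
        elif op == "call":
            name, argc = args
            cut = max(0, len(stack) - argc)
            if name in SELECTED:
                found.update(represent(name, p) for p in stack[cut:])
            work.append((pc + 1, stack[:cut]))
        elif op == "jcc":                  # conditional: both outcomes are potential paths
            work.extend([(args[0], stack), (pc + 1, stack)])
        elif op == "jmp":
            work.append((args[0], stack))
        # "ret" (or an unknown op) ends this path
    return found

def is_potential_pestware(code, definition, threshold=0.5):
    """Compare a file's parameters with a definition; the threshold is an assumed policy."""
    if not definition:
        return False
    return len(extract_parameters(code) & definition) / len(definition) >= threshold

# Constructed sample: CreateFile is skipped whenever the branch at index 2 is taken.
SAMPLE = [
    ("push", "example.invalid:8080"), ("call", "connect", 1),
    ("jcc", 5),
    ("push", r"C:\Temp\drop.dat"), ("call", "CreateFile", 1),
    ("push", r"HKCU\Software\Run\updater"), ("call", "RegSetValue", 1),
    ("jcc", 0),                            # loop back; the seen-set stops re-exploration
    ("ret",),
]
DEFINITION = extract_parameters(SAMPLE)    # what the definition file would carry
```

Because both outcomes of each conditional are explored, the `CreateFile` parameter lands in the definition even though a single concrete run that takes the branch would never reach it.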
14 Claims
1. A method for generating pestware definitions comprising:
- receiving a pestware file;
- placing at least a portion of the pestware file into a processor-readable memory;
- following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code may follow;
- retrieving, for each of a plurality of selected function calls within the code of the pestware file, at least one parameter from each of the function calls so as to obtain a plurality of parameters;
- storing, in a processor-readable pestware-definition file, a representation of each of the parameters; and
- sending the pestware-definition file to a plurality of client devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for detecting pestware on a computer comprising:
- receiving a file;
- placing at least a portion of the file into a processor-readable memory of the computer;
- following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code may follow;
- retrieving, for each of a plurality of selected function calls within the code of the pestware file, at least one parameter from each of the function calls so as to obtain a plurality of parameters; and
- comparing the plurality of parameters with parameters within a processor-readable pestware-definition file so as to determine whether the file is a potential pestware file.
Dependent claims: 10, 11, 12, 13, 14
Specification