SYSTEM AND METHOD FOR DEFINING AND DETECTING PESTWARE

US 20080052679A1
Filed: 08/07/2006
Published: 02/28/2008
Est. Priority Date: 08/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for generating pestware definitions comprising:

receiving a pestware file;

placing at least a portion of the pestware file into a processor-readable memory;

following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code may follow;

identifying particular instructions within the execution paths;

storing, in a processor-readable pestware-definition file, a representation of the relative locations of each of the particular instructions within the code of the pestware file; and

sending the pestware-definition file to a plurality of client devices.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for defining and detecting pestware is described. One embodiment includes receiving a file and placing at least a portion of the file into a processor-readable memory of a computer. A plurality of execution paths within code of the pestware file are followed and particular instructions within the execution paths are identified. A representation of the relative locations of each of the particular instructions within the code of the file are compared against a pestware-definition file so as to determine whether the file is a potential pestware file.

82 Citations

View as Search Results

14 Claims

1. A method for generating pestware definitions comprising:
- receiving a pestware file;
  
  placing at least a portion of the pestware file into a processor-readable memory;
  
  following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code may follow;
  
  identifying particular instructions within the execution paths;
  
  storing, in a processor-readable pestware-definition file, a representation of the relative locations of each of the particular instructions within the code of the pestware file; and
  
  sending the pestware-definition file to a plurality of client devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 12)
- - 2. The method of claim 1, wherein the identifying includes identifying system calls within the execution paths.
  - 3. The method of claim 1 including:
    - simplifying the representation of the relative locations so as to create a simplified representation of the relative locations, wherein the storing includes storing the representation as the simplified representation.
  - 4. The method of claim 1 including:
    - bypassing, while following the plurality of execution paths, instructions other than system calls and jump instructions.
  - 5. The method of claim 1, wherein identifying particular instructions includes identifying calls to addresses to portions of the processor-readable memory that are outside of the memory occupied by the code of the pestware file.
  - 6. The method of claim 5, including:
    - storing a representation of each of the addresses in connection with a corresponding one of the locations so as to identify each call by an address.
  - 7. The method of claim 6, including:
    - storing a representation of each of the names of the calls in connection with a corresponding one of the locations so as to identify each calls by a name.
  - 12. The method of claim 1, wherein identifying particular instructions includes identifying calls to addresses to portions of the processor-readable memory that are outside of the memory occupied by the code of the pestware file.

8. A method for detecting pestware on a computer comprising:
- receiving a file;
  
  placing at least a portion of the file into a processor-readable memory of the computer;
  
  following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code may follow;
  
  identifying particular instructions within the execution paths;
  
  comparing, against a pestware-definition file, a representation of the relative locations of each of the particular instructions within the code of the file so as to determine whether the file is a potential pestware file.
- View Dependent Claims (9, 10, 11, 13, 14)
- - 9. The method of claim 8, wherein the identifying includes identifying system calls within the execution paths.
  - 10. The method of claim 8 including:
    - simplifying the representation of the relative locations so as to create a simplified representation of relative locations, wherein the comparing includes comparing the representation as the simplified representation.
  - 11. The method of claim 8 including:
    - bypassing, while following the plurality of execution paths, instructions other than system calls and jump instructions.
  - 13. The method of claim 8 including:
    - alerting a user of the computer in the event the relative locations of each of the particular instructions within the code match a minimum percentage of relative locations of instructions in the pestware-definition file.
  - 14. The method of claim 8 including:
    - quarantining the file in the event the relative locations of each of the particular instructions within the code match a minimum percentage of relative locations of instructions in the pestware definition file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carbonite LLC (Open Text Corporation)
Original Assignee
Webroot Inc. (Open Text Corporation)
Inventors
Burtscher, Michael

Granted Patent

US 8,065,664 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/124
CPC Class Codes

G06F 21/563 by source code analysis

G06F 9/4484 Executing subprograms

SYSTEM AND METHOD FOR DEFINING AND DETECTING PESTWARE

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DEFINING AND DETECTING PESTWARE

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links