Known files database for malware elimination

US 20080147612A1
Filed: 12/19/2006
Published: 06/19/2008
Est. Priority Date: 12/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method for handling potential malware files, comprising the steps of:

scanning a plurality of files to identify at least one file as potential malware;

querying a database to determine whether the at least one file is known; and

handling the at least one file based on whether the at least one file is known.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for identifying files that are found during a malware scan, thus enabling them to be excluded from further analysis. A method for handling a potential malware file comprises the steps of scanning a plurality of files to identify at least one file as potential malware, querying a database to determine whether the at least one file is known, and handling the at least one file based on whether the at least one file is known.

41 Citations

View as Search Results

24 Claims

1. A method for handling potential malware files, comprising the steps of:
- scanning a plurality of files to identify at least one file as potential malware;
  
  querying a database to determine whether the at least one file is known; and
  
  handling the at least one file based on whether the at least one file is known.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the querying step comprises the steps of:
    - generating information identifying the at least one file; and
      
      querying the database to obtain information indicating whether the at least one file is known.
  - 3. The method of claim 2, wherein the step of querying the database to obtain information indicating whether the at least one file is known comprises the steps of:
    - transmitting a query including the generated information identifying the at least one file to a remote database; and
      
      receiving from the remote database the information indicating whether the at least one file is known.
  - 4. The method of claim 2, wherein the generated information identifying the at least one file comprises at least one secure hash of the file.
  - 5. The method of claim 4, wherein the at least one secure hash of the file is generated using at least one cryptographic hash function.
  - 6. The method of claim 5, wherein the at least one cryptographic hash function comprises at least one of MD5, MD4 SHA1, SHA256, and CRC32.
  - 7. The method of claim 2, wherein the step of querying the database to obtain information indicating whether the at least one file is known comprises the step of:
    - querying a local database to obtain the information indicating whether the at least one file is known.
  - 8. The method of claim 2, wherein the handling step comprises the steps of:
    - excluding the at least one file from further analysis if the at least one file is known; and
      
      performing further analysis on the at least one file if the at least one file is not known.

9. A system for handling potential malware files comprising:
- a processor operable to execute computer program instructions;
  
  a memory operable to store computer program instructions executable by the processor; and
  
  computer program instructions stored in the memory and executable to perform the steps of;
  
  scanning a plurality of files to identify at least one file as potential malware;
  
  querying a database to determine whether the at least one file is known; and
  
  handling the at least one file based on whether the at least one file is known.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24)
- - 10. The system of claim 9, wherein the querying step comprises the steps of:
    - generating information identifying the at least one file; and
      
      querying the database to obtain information indicating whether the at least one file is known.
  - 11. The system of claim 10, wherein the step of querying the database to obtain information indicating whether the at least one file is known comprises the steps of:
    - transmitting a query including the generated information identifying the at least one file to a remote database; and
      
      receiving from the remote database the information indicating whether the at least one file is known.
  - 12. The system of claim 10, wherein the generated information identifying the at least one file comprises at least one secure hash of the file.
  - 13. The system of claim 12, wherein the at least one secure hash of the file is generated using at least one cryptographic hash function.
  - 14. The system of claim 13, wherein the at least one cryptographic hash function comprises at least one of MD5, MD4 SHA1, SHA256, and CRC32.
  - 15. The system of claim 10, wherein the step of querying the database to obtain information indicating whether the at least one file is known comprises the step of:
    - querying a local database to obtain the information indicating whether the at least one file is known.
  - 16. The system of claim 10, wherein the handling step comprises the steps of:
    - excluding the at least one file from further analysis if the at least one file is known; and
      
      performing further analysis on the at least one file if the at least one file is not known.
  - 18. The computer program product of claim 16, wherein the querying step comprises the steps of:
    - generating information identifying the at least one file; and
      
      querying the database to obtain information indicating whether the at least one file is known.
  - 19. The computer program product of claim 18, wherein the step of querying the database to obtain information indicating whether the at least one file is known comprises the steps of:
    - transmitting a query including the generated information identifying the at least one file to a remote database; and
      
      receiving from the remote database the information indicating whether the at least one file is known.
  - 20. The computer program product of claim 18, wherein the generated information identifying the at least one file comprises at least one secure hash of the file.
  - 21. The computer program product of claim 20, wherein the at least one secure hash of the file is generated using at least one cryptographic hash function.
  - 22. The computer program product of claim 21, wherein the at least one cryptographic hash function comprises at least one of MD5, MD4 SHA1, SHA256, and CRC32.
  - 23. The computer program product of claim 18, wherein the step of querying the database to obtain information indicating whether the at least one file is known comprises the step of:
    - querying a local database to obtain the information indicating whether the at least one file is known.
  - 24. The computer program product of claim 18, wherein the handling step comprises the steps of:
    - excluding the at least one file from further analysis if the at least one file is known; and
      
      performing further analysis on the at least one file if the at least one file is not known.

17. A computer program product for handling potential malware files comprising:
- a computer readable storage medium;
  
  computer program instructions, recorded on the computer readable storage medium, executable by a processor, for performing the steps ofscanning a plurality of files to identify at least one file as potential malware;
  
  querying a database to determine whether the at least one file is known; and
  
  handling the at least one file based on whether the at least one file is known.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gryaznov, Dmitry

Granted Patent

US 8,528,089 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/3
CPC Class Codes

G06F 21/564 by virus signature recognition

Known files database for malware elimination

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Known files database for malware elimination

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links