Systems and Methods for Identifying Malware Distribution

US 20090144826A2
Filed: 06/30/2005
Published: 06/04/2009
Est. Priority Date: 06/30/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of identifying a malware distribution site, comprising:

analyzing a file to determine that the file includes potential malware;

searching a download history log to identify a Web site from which the file was downloaded; and

generating an indication that the Web site corresponds to a potential malware distribution site.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for identifying malware distribution sites are described. In one embodiment, a system includes a malware detection module configured to analyze a file of a protected computer to determine that the file is associated with malware. The system also includes a Web site identification module configured to search a download history log of the protected computer to identify a Web site from which the file was downloaded.

106 Citations

View as Search Results

18 Claims

1. A method of identifying a malware distribution site, comprising:
- analyzing a file to determine that the file includes potential malware;
  
  searching a download history log to identify a Web site from which the file was downloaded; and
  
  generating an indication that the Web site corresponds to a potential malware distribution site.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the analyzing the file includes determining that the file matches one of a set of malware definitions.
  - 3. The method of claim 1, wherein the download history log corresponds to a Web browser'"'"'s history log.
  - 4. The method of claim 1, further comprising:
    - generating the download history log based on a Web browser'"'"'s history log.
  - 5. The method of claim 1, wherein the searching the download history log includes searching the download history log to identify a Web address associated with the Web site.
  - 6. The method of claim 1, wherein the analyzing the file, the searching the download history log, and the generating the indication are performed at a protected computer, the method further comprising:
    - directing the protected computer to convey the indication to a remotely-located computer.

7. A computer-readable medium comprising executable instructions to:
- compare a file with a set of malware definitions;
  
  based on determining that the file matches one of the set of malware definitions, determine a Web address from which the file was received; and
  
  generate an indication that the Web address is associated with malware.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable medium of claim 7, wherein the executable instructions to compare the file with the set of malware definitions include executable instructions to compare a hash value of the file with a set of hash values of malware.
  - 9. The computer-readable medium of claim 7, wherein the executable instructions to determine the Web address include executable instructions to search a download history log to identify the Web address.
  - 10. The computer-readable medium of claim 9, wherein the download history log corresponds to a Web browser'"'"'s history log.
  - 11. The computer-readable medium of claim 9, further comprising executable instructions to generate the download history log based on a Web browser'"'"'s history log.
  - 12. The computer-readable medium of claim 7, wherein the Web address corresponds to a Universal Resource Locator associated with a Web site.

13. A system of managing malware, comprising:
- a malware detection module configured to analyze a file of a protected computer to determine that the file is associated with malware; and
  
  a Web site identification module configured to search a download history log of the protected computer to identify a Web site from which the file was downloaded.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the download history log corresponds to a Web browser'"'"'s history log.
  - 15. The system of claim 13, wherein the Web site identification module is configured to generate the download history log based on a Web browser'"'"'s history log.
  - 16. The system of claim 13, wherein the Web site identification module is configured to search the download history log to identify a Universal Resource Locator associated with the Web site.
  - 17. The system of claim 13, further comprising:
    - a reporting module configured to generate an indication that the Web site corresponds to a potential malware distribution site.
  - 18. The system of claim 17, wherein the reporting module is configured to direct the protected computer to convey the indication to a remotely-located computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Webroot Software Incorporated (Open Text Corporation)
Original Assignee
Webroot Software Incorporated (Open Text Corporation)
Inventors
Piccard, Paul

Application Number

US11/171,924
Publication Number

US 20070006310A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/562 Static detection

Systems and Methods for Identifying Malware Distribution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Identifying Malware Distribution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links