REAL-TIME MALICIOUS CODE INHIBITOR

US 20100251371A1
Filed: 03/29/2010
Published: 09/30/2010
Est. Priority Date: 03/27/2009
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for real-time blocking, of malicious code from a string sent as a request to a server, comprising:

splitting the string into a first string portion and a second string portion;

parsing a first portion substring from the first string portion;

comparing the first portion substring to a list of malicious codes;

blocking the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and

inserting a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for real-time blocking of malicious requests to a compute system and real-time removal of malicious code from such requests, by comparing the request information to a database of known and recorded malicious requests. If it is determined that the request is from an IP address that is restricted or has previously attacked another system, the request may be denied, the request information will be logged, the incident will be reported to the user and also SecurePlus if the user has subscribed to SecurePlus. If the request is not denied, it will be parsed and searched for inclusion of remote files, database code, programming code, known hacking terms, and user-supplied terms. If the presence of any of these items is detected, the request may be denied, the request information will be logged, the incident will be reported to the user and also SecurePlus if the user has subscribed to SecurePlus. If the request in question has been denied, a cookie will be inserted onto the requesting system to assist in detection of known attackers.

41 Citations

View as Search Results

30 Claims

1. A computer-implemented method for real-time blocking, of malicious code from a string sent as a request to a server, comprising:
- splitting the string into a first string portion and a second string portion;
  
  parsing a first portion substring from the first string portion;
  
  comparing the first portion substring to a list of malicious codes;
  
  blocking the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and
  
  inserting a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising:
    - parsing a second portion substring from the second string portion;
      
      comparing the second portion substring to the list of malicious codes;
      
      blocking the second portion substring from the second string portion, if it is determined that the second portion substring matches at least one malicious code from the list of malicious codes; and
      
      inserting a cookie on the client system, if it is determined that the second portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
  - 3. The computer-implemented method of claim 2, further comprising:
    - parsing a substring from the main string;
      
      comparing the substring to the list of malicious codes;
      
      removing the substring from the main string, if it is determined that the substring matches at least one malicious code from the list of malicious codes; and
      
      inserting a cookie on the client system, if it is determined that the substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
  - 4. The computer-implemented method of claim 2, wherein the string is split in approximately half to define the first string portion and second string portion.
  - 5. The computer-implemented method of claim 2, further comprising:
    - parsing an IP address from a header of the request;
      
      comparing the IP address to a list of known malicious IP addresses; and
      
      rejecting the request if the IP address matches one of the known malicious IP addresses.
  - 6. The computer-implemented method of claim 2, further comprising:
    - providing a centralized database to store an identifying information regarding attempts at malicious access;
      
      uploading the identifying information regarding an attempt at malicious access to the centralized database when the attempt a malicious access is detected;
      
      disseminating the identifying information regarding an attempt at malicious access; and
      
      blocking all access from a source of the attempt at malicious access based on the identifying information.
  - 7. The computer-implemented method of claim 2, further comprising repeating method every time a new request is sent to the server.
  - 8. The computer-implemented method of claim 2, further comprising providing a real time alert to a client when the malicious code is detected.
  - 9. The computer-implemented method of claim 2, further comprising providing a real time alert to an internet service provider when the malicious code is detected.
  - 10. The computer-implemented method of claim 2, further comprising providing a real time alert to a law enforcement agency when the malicious code is detected.

11. A system for real-time removal of malicious code from a string sent as a request to a server, the system comprising:
- a processor; and
  
  memory comprising program/instructions, wherein the program instructions are executable by the processor to;
  
  split the string into a first string portion and a second string portion;
  
  parse a first portion substring from the first string portion;
  
  compare the first portion substring to a list of malicious codes;
  
  remove the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and
  
  insert a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the program instructions are further executable by the processor to:
    - parse a second portion substring from the second string portion;
      
      compare the second portion substring to the list of malicious codes;
      
      remove the second portion substring from the second string portion, if it is determined that the second portion substring matches at least one malicious code from the list of malicious codes; and
      
      insert a cookie on the client system, if it is determined that the second portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
  - 13. The system of claim 12, wherein the program instructions are further executable by the processor to:
    - parse a substring from the main string;
      
      compare the substring to the list of malicious codes;
      
      remove the substring from the main string, if it is determined that the substring matches at least one malicious code from the list of malicious codes; and
      
      insert a cookie on the client system, if it is determined that the substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
  - 14. The system of claim 12, wherein the string is split in approximately half to define the first string portion and second string portion.
  - 15. The system of claim 12, wherein the program instructions are further executable by the processor to:
    - parse an IP address from a header of the request;
      
      compare the IP address to a list of known malicious IP addresses; and
      
      reject the request if the IP address matches one of the known malicious IP addresses.
  - 16. The system of claim 12, wherein the program instructions are further executable by the processor to:
    - provide a centralized database to store an identifying information regarding attempts at malicious access;
      
      upload the identifying information regarding an attempt at malicious access to the centralized database when the attempt at malicious access is detected;
      
      disseminate the identifying information regarding an attempt at malicious access; and
      
      block all access from a source of the attempt at malicious access based on the identifying information.
  - 17. The of claim 12, wherein the program instructions are further executable by the processor to repeat every time a new request is sent to the server.
  - 18. The system of claim 12, wherein the program instructions are further executable by the processor to provide a real time alert to a client when the malicious code is detected.
  - 19. The system of claim 12, wherein the program instructions are further executable by the processor to provide a real time alert to an internet service provider when the malicious code is detected.
  - 20. The system of claim 12, wherein the program instructions are further executable by the processor to provide a real time alert to a law enforcement agency when the malicious code is detected.

21. A computer-readable storage medium with an executable program stored thereon, wherein the program instructs a microprocessor to:
- split the string into a first string portion and a second string portion;
  
  parse a first portion substring from the first string portion;
  
  compare the first portion substring to a list of malicious codes;
  
  remove the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and
  
  insert a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer-readable storage medium of claim 21, wherein the program further instructs the microprocessor to:
    - parse a second portion substring from the second string portion;
      
      compare the second portion substring to the list of malicious codes;
      
      remove the second portion substring from the second string portion, if it is determined that the second portion substring matches at least one malicious code from the list of malicious codes; and
      
      insert a cookie on the client system, if it is determined that the second portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
  - 23. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to:
    - parse a substring from the main string;
      
      compare the substring to the list of malicious codes;
      
      remove the substring from the main string, if it is determined that the substring matches at least one malicious code from the list of malicious codes; and
      
      insert a cookie on the client system, if it is determined that the substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
  - 24. The computer-readable storage medium of claim 22, wherein the string is split in approximately half to define the first string portion and second string portion.
  - 25. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to:
    - parse an IP address from a header of the request;
      
      compare the IP address to a list of known malicious IP addresses; and
      
      reject the request if the IP address matches one of the known malicious IP addresses.
  - 26. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to:
    - provide a centralized database to store an identifying information regarding attempts at malicious access;
      
      upload the identifying information regarding an attempt at malicious access to the centralized database when the attempt at malicious access is detected;
      
      disseminate the identifying information regarding an attempt at malicious access; and
      
      block all access from a source of the attempt at malicious access based on the identifying information.
  - 27. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to repeat every time a new request is sent to the server.
  - 28. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to provide a real time alert to a client when the malicious code is detected.
  - 29. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to provide a real time alert to an internet service provider when the malicious code is detected.
  - 30. The computer-readable storage medium of claim 22, wherein the program further instructs the microprocessor to provide a real time alert to a law enforcement agency when the malicious code is detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jeff Brown
Original Assignee
Jeff Brown
Inventors
Brown, Jeff

Application Number

US12/749,469
Publication Number

US 20100251371A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

REAL-TIME MALICIOUS CODE INHIBITOR

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

REAL-TIME MALICIOUS CODE INHIBITOR

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links