METHOD AND SYSTEM FOR DETECTION OF MALWARE THAT CONNECT TO NETWORK DESTINATIONS THROUGH CLOUD SCANNING AND WEB REPUTATION
Abstract
A method for detecting malware includes the steps of identifying one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects include the executable objects that are associated with the open network connections that are connected to the first network destination.
29 Claims
1. A method for detecting malware, comprising the steps of:
- identifying a one or more open network connections of an electronic device;
- associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device;
- determining the address of a first network destination that is connected to the open network connections of the electronic device;
- receiving an evaluation of the first network destination, the evaluation comprising an indication that the first network destination is associated with malware; and
- identifying one or more of the executable objects as malware executable objects, wherein the malware executable objects comprise the executable objects that are associated with the open network connections that are connected to the first network destination.
Dependent claims: 2, 3, 4, 5
6. An article of manufacture, comprising:
- a computer readable medium; and
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to:
  - identify a one or more open network connections of an electronic device;
  - associate one or more executable objects on the electronic device with the one or more open network connections of the electronic device;
  - determine the address of a first network destination that is connected to the open network connections of the electronic device;
  - receive an evaluation of the first network destination, the evaluation comprising an indication that the first network destination is associated with malware; and
  - identify one or more of the executable objects as malware executable objects, wherein the malware executable objects comprise the executable objects that are associated with the open network connections that are connected to the first network destination.
Dependent claims: 7, 8, 9, 10
11. A method of evaluating the reputation of a network destination, comprising the steps of:
- receiving information about a network destination from a monitor, wherein:
  - the monitor is scanning an electronic device for malware; and
  - the network destination is in communication with an executable object on the electronic device;
- accessing reputation information about the network destination in a reputation database;
- evaluating whether reputation information indicates that the network destination is associated with malware; and
- sending the evaluation to the monitor.
Dependent claims: 12, 13, 14, 15
16. An article of manufacture, comprising:
- a computer readable medium; and
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to:
  - receive information about a network destination from a monitor, wherein:
    - the monitor is scanning an electronic device for malware; and
    - the network destination is in communication with an executable object on the electronic device;
  - access reputation information about the network destination in a reputation database;
  - evaluate whether reputation information indicates that the network destination is associated with malware; and
  - send the evaluation to the monitor.
Dependent claims: 17, 18, 19, 20
21. A system for detection of malware, comprising:
- a monitor, the monitor configured to:
  - identify one or more open network connections of an electronic device;
  - identify one or more executable objects on the electronic device using the one or more open network connections of the electronic device; and
  - determine the address of a first network destination that is connected to the one or more open network connections of the electronic device;
- a reputation application, the reputation application configured to:
  - receive information about the first network destination from the monitor;
  - access reputation information about the first network destination in a reputation database;
  - evaluate whether reputation information indicates that the first network destination is associated with malware; and
  - return the evaluation to the monitor;
- wherein the monitor is further configured to:
  - receive an evaluation of the first network destination, the evaluation comprising an indication that the first network destinations is associated with malware; and
  - determine one or more malware executable objects, wherein the one or more malware executable objects comprise the executable objects in communication with the first network destination evaluated to be associated with malware.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29
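The monitor and reputation application of claim 21, sketched as an added example that is not taken from the patent or any product. It assumes a Linux host whose connection table has the /proc/net/tcp layout; the table rows, the inode-to-executable map, the reputation database and all function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (Linux); not captured from a real host.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A0200C0:C000 077100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1001
   1: 0A0200C0:C001 146433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
"""
# Constructed socket-inode -> executable map; on a live host this comes from the
# socket:[inode] links in /proc/<pid>/fd plus readlink of /proc/<pid>/exe.
INODE_TO_EXE = {1001: "/tmp/.cache/updater", 1002: "/usr/bin/curl", 1003: "/usr/sbin/sshd"}
# Constructed reputation database (documentation-range addresses only).
REPUTATION_DB = {"203.0.113.7": "malware", "198.51.100.20": "clean"}
TCP_ESTABLISHED = 0x01

def decode_endpoint(field):
    """'077100CB:01BB' -> ('203.0.113.7', 443); the IPv4 bytes appear reversed
    because the kernel prints them in host order on little-endian machines."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def open_connections(table):
    """Monitor: yield (executable, remote_ip, remote_port) per established socket."""
    for line in table.splitlines()[1:]:          # first line is the column header
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_ESTABLISHED:
            continue                             # skip listeners and malformed rows
        ip, port = decode_endpoint(cols[2])
        yield INODE_TO_EXE.get(int(cols[9]), "<unknown>"), ip, port

def evaluate_destination(ip):
    """Reputation application: True only when the database ties the address to malware."""
    return REPUTATION_DB.get(ip) == "malware"

def malware_executables(table):
    """Monitor, final step: executables connected to a destination evaluated as malware."""
    return sorted({exe for exe, ip, _ in open_connections(table) if evaluate_destination(ip)})

if __name__ == "__main__":
    print(malware_executables(PROC_NET_TCP))
```

The executable flagged is the one holding the socket, which can be a general-purpose tool started by another process, so a hit is a lead for triage and not a verdict on the file itself.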
Specification