Detecting malicious software through file group behavior
Abstract
A malicious software detection module (MSDM) detects worms and other malicious software. The MSDM executes on a computer system connected to a network. The MSDM monitors a storage device of the computer system for the arrival of software from a suspicious portal. The MSDM designates such software as suspicious. The MSDM tracks the set of files that are associated with the suspicious software. If the files in the set individually or collectively engage in suspicious behavior, the MSDM declares the suspicious software malicious and prevents file replication and/or other malicious behavior.
21 Claims
1. A system for detecting malicious software on a computer system, comprising:
- a computer-readable storage medium having computer executable program code recorded thereon comprising:
- a suspicious software module for detecting suspicious software on the computer system;
- a tracking module for identifying a set of files on the computer system associated with the suspicious software and adding to the set a file touched by a file already in the set; and
- a behavior monitoring module for monitoring the files in the set to determine whether the suspicious software is malicious.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for detecting malicious software on a computer system, comprising:
- detecting suspicious software on the computer system;
- identifying a set of files on the computer system associated with the suspicious software and adding to the set a file touched by a file already in the set; and
- monitoring the files in the set to determine whether the suspicious software is malicious.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer-readable storage medium storing computer executable program code for detecting malicious software on a computer system, the program code comprising:
- a suspicious software module for detecting suspicious software on the computer system;
- a tracking module for identifying a set of files on the computer system associated with the suspicious software and adding to the set a file touched by a file already in the set; and
- a behavior monitoring module for monitoring the files in the set to determine whether the suspicious software is malicious.
Dependent claims: 16, 17, 18, 19, 20, 21.
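The abstract and independent claims 1, 8 and 15 describe one procedure: designate software arriving from a suspicious portal as suspicious, track the set of files associated with it (a file touched by a set member joins the set), and judge the set's collective behavior. The following is an added illustration of that procedure as a small simulation over a constructed file-operation event stream; it is example code written for this page, not the patent's or any vendor's implementation. The portal names, the sensitive directories, the replication threshold, the event kinds and every path in the sample stream are constructed assumptions, and the behavior rules are simplified stand-ins for whatever the real module would evaluate.

```python
"""Toy simulation of the three modules the claims describe, run over a
constructed event stream. Example code, not the patent's implementation."""
from collections import defaultdict
from dataclasses import dataclass

# Arrival channels the simulation treats as "suspicious portals" (assumption:
# the patent page names none; these are constructed values).
SUSPICIOUS_PORTALS = {"email_attachment", "irc_download"}

# Directories the behavior monitor treats as sensitive (constructed for the example).
SYSTEM_DIRS = ("C:/Windows/System32", "C:/Windows")


@dataclass(frozen=True)
class Event:
    kind: str      # "arrive", "write", "exec", "copy" or "net_send"
    subject: str   # file whose code performs the action (for "arrive": the new file)
    obj: str = ""  # affected path or destination; for "arrive", the portal name


class SuspiciousSoftwareModule:
    """Designates software that arrives from a suspicious portal as suspicious."""

    def is_suspicious(self, ev):
        return ev.kind == "arrive" and ev.obj in SUSPICIOUS_PORTALS


class TrackingModule:
    """Keeps, per suspicious root file, the set of associated files. A file
    touched (written, copied or executed) by a set member joins the set."""

    TOUCH_KINDS = {"write", "copy", "exec"}

    def __init__(self):
        self.groups = {}  # root path -> set of associated file paths

    def start(self, root):
        self.groups[root] = {root}

    def observe(self, ev):
        if ev.kind not in self.TOUCH_KINDS:
            return
        for files in self.groups.values():
            if ev.subject in files:
                files.add(ev.obj)


class BehaviorMonitoringModule:
    """Scores each group's collective behavior and returns a verdict."""

    REPLICATION_THRESHOLD = 3  # distinct copies made by any group member (assumed)

    def __init__(self):
        self.copies = defaultdict(set)    # root -> destinations of copies
        self.reasons = defaultdict(list)  # root -> observed malicious behaviors

    def observe(self, ev, groups):
        for root, files in groups.items():
            if ev.subject not in files:
                continue
            if ev.kind == "copy":
                self.copies[root].add(ev.obj)
                if len(self.copies[root]) == self.REPLICATION_THRESHOLD:
                    self.reasons[root].append("self-replication")
            elif ev.kind == "write" and ev.obj.startswith(SYSTEM_DIRS):
                self.reasons[root].append("write to system dir: " + ev.obj)
            elif ev.kind == "net_send":
                self.reasons[root].append("network send to " + ev.obj)

    def verdict(self, root):
        return "malicious" if self.reasons[root] else "suspicious"


def run(events):
    """Feed an event stream through the three modules; return per-root results."""
    ssm, tracker, monitor = SuspiciousSoftwareModule(), TrackingModule(), BehaviorMonitoringModule()
    for ev in events:
        if ssm.is_suspicious(ev):
            tracker.start(ev.subject)
            continue
        tracker.observe(ev)  # grow the set first so a newly touched file's actions count
        monitor.observe(ev, tracker.groups)
    return {
        root: {
            "files": sorted(files),
            "reasons": list(monitor.reasons[root]),
            "verdict": monitor.verdict(root),
            # The abstract's response: stop replication by the whole group once malicious.
            "action": "block group" if monitor.verdict(root) == "malicious" else "keep monitoring",
        }
        for root, files in tracker.groups.items()
    }


# Constructed event stream: a dropper that arrives as an attachment, a file from a
# portal that is not suspicious (never tracked), and a benign attachment that only
# writes its own config file (tracked, but never judged malicious).
SAMPLE_EVENTS = [
    Event("arrive", "C:/Users/alice/Downloads/invoice.exe", "email_attachment"),
    Event("write", "C:/Users/alice/Downloads/invoice.exe", "C:/Users/alice/AppData/Local/Temp/upd.exe"),
    Event("exec", "C:/Users/alice/Downloads/invoice.exe", "C:/Users/alice/AppData/Local/Temp/upd.exe"),
    Event("write", "C:/Users/alice/AppData/Local/Temp/upd.exe", "C:/Windows/System32/svc.dll"),
    Event("copy", "C:/Users/alice/AppData/Local/Temp/upd.exe", "//fileserver1/public/invoice.exe"),
    Event("copy", "C:/Users/alice/AppData/Local/Temp/upd.exe", "//fileserver2/public/invoice.exe"),
    Event("copy", "C:/Users/alice/AppData/Local/Temp/upd.exe", "//fileserver3/public/invoice.exe"),
    Event("arrive", "C:/Users/alice/Downloads/report.pdf", "web_browser"),
    Event("arrive", "C:/Users/alice/Downloads/notes.exe", "email_attachment"),
    Event("write", "C:/Users/alice/Downloads/notes.exe", "C:/Users/alice/Downloads/notes.cfg"),
]

if __name__ == "__main__":
    for root, result in run(SAMPLE_EVENTS).items():
        print(root, result["verdict"], result["reasons"])
```

The point the simulation makes is the one the claims turn on: the verdict is reached on the group, not on the file that arrived. The dropped `upd.exe` is what writes to the system directory and replicates, yet those actions are attributed to the `invoice.exe` group because the tracking module added `upd.exe` to the set when its parent wrote it. The second attachment shows the other side of the design: being designated suspicious only puts a file under observation, and a set whose members never exhibit the monitored behaviors is never declared malicious.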