System and method for defining and detecting pestware
First Claim
Patent Images
1. A method for generating pestware definitions comprising:
- receiving a pestware file;
placing at least a portion of the pestware file into a processor-readable memory;
following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code will potentially follow;
identifying particular instructions within the execution paths;
storing, in a processor-readable pestware-definition file, a representation of the relative locations of each of the particular instructions within the code of the pestware file; and
sending the pestware-definition file to a plurality of client devices, wherein at least one of the client devices receives a file and determines whether relative locations of each of particular instructions within code of the file received by the at least one client device match at least a predetermined percentage of relative locations of instructions in the pestware-definition file.
9 Assignments
0 Petitions
Accused Products
Abstract
A system and method for defining and detecting pestware is described. One embodiment includes receiving a file and placing at least a portion of the file into a processor-readable memory of a computer. A plurality of execution paths within code of the pestware file are followed and particular instructions within the execution paths are identified. A representation of the relative locations of each of the particular instructions within the code of the file are compared against a pestware-definition file so as to determine whether the file is a potential pestware file.
-
Citations
14 Claims
-
1. A method for generating pestware definitions comprising:
-
receiving a pestware file; placing at least a portion of the pestware file into a processor-readable memory; following a plurality of execution paths within code of the pestware file, wherein each of the execution paths is a potential path that a processor executing the code will potentially follow; identifying particular instructions within the execution paths; storing, in a processor-readable pestware-definition file, a representation of the relative locations of each of the particular instructions within the code of the pestware file; and sending the pestware-definition file to a plurality of client devices, wherein at least one of the client devices receives a file and determines whether relative locations of each of particular instructions within code of the file received by the at least one client device match at least a predetermined percentage of relative locations of instructions in the pestware-definition file. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for detecting pestware on a computer comprising:
-
receiving a file; placing at least a portion of the file into a processor-readable memory of the computer; following a plurality of execution paths within code of the file, wherein each of the execution paths is a potential path that a processor executing the code will potentially follow; identifying particular instructions within the execution paths; comparing, against a pestware-definition file, a representation of the relative locations of each of the particular instructions within the code of the file so as to determine whether the file is a potential pestware file; and determining whether the relative locations of each of the particular instructions within the code match at least a predetermined percentage of relative locations of instructions in the pestware-definition file. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification