Updating of malicious code patterns using public DNS servers
First Claim
1. A method of updating currently existing malicious code patterns of an antivirus in a client computer, the method to be performed by the client computer and comprising:
- making a first domain name system (DNS) query for a first DNS record of a first fully qualified domain name (FQDN);
- receiving a first DNS result responsive to the first DNS query;
- obtaining from a payload of the first DNS result information on obtaining an updated malicious code pattern for the antivirus in the client computer;
- making a second DNS query for a second DNS record of a second FQDN;
- receiving a second DNS result responsive to the second DNS query; and
- obtaining from a payload of the second DNS result a portion of the updated malicious code pattern, the updated malicious code pattern being divided into several portions for transmission in several DNS results; and
- updating the currently existing malicious code patterns in the client computer with a portion of the updated malicious code pattern extracted from the payload of the second DNS result;
- wherein the first and second DNS results are cached in a public DNS server computer when the first and second DNS records were published by a private DNS server computer operated for a vendor of the antivirus in the client computer and wherein the first DNS record includes information on a number of portions the updated malicious code pattern has been divided into.
Abstract
Malicious code patterns of an antivirus may be updated using public DNS (domain name system) servers. An update to the malicious code patterns may be generated and divided into several portions for inclusion in DNS records. The DNS records may be published for caching in public DNS servers. An update client in a client computer may send out DNS queries to receive contents of the DNS records, which include the portions of the update. The update client may combine the portions to update the malicious code patterns in the client computer.
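A minimal sketch of the exchange the abstract describes, added here as an illustration and not taken from the patent or from any vendor's product. The zone name, record naming, TXT-style base64 payloads and the SHA-256 field in the metadata record are assumptions; an in-memory dictionary stands in for the public DNS cache.

```python
import base64
import hashlib

ZONE = "update.av-vendor.example"  # hypothetical vendor zone (assumption)
CHUNK_BYTES = 180  # 180 raw bytes -> 240 base64 chars, fits one 255-byte TXT string


def publish(pattern: bytes, version: int) -> dict:
    """Vendor side: records the private DNS server would publish."""
    chunks = [pattern[i:i + CHUNK_BYTES] for i in range(0, len(pattern), CHUNK_BYTES)]
    digest = hashlib.sha256(pattern).hexdigest()
    # First record: how to obtain the update, including the number of portions.
    records = {f"meta.{ZONE}": f"v={version};n={len(chunks)};sha256={digest}"}
    for i, chunk in enumerate(chunks):
        records[f"c{i}.v{version}.{ZONE}"] = base64.b64encode(chunk).decode()
    return records


def fetch_update(resolve, current_version: int):
    """Client side: resolve(fqdn) returns the record payload, or None if absent."""
    meta = dict(kv.split("=", 1) for kv in resolve(f"meta.{ZONE}").split(";"))
    version, count = int(meta["v"]), int(meta["n"])
    if version <= current_version:
        return None  # nothing newer published
    parts = []
    for i in range(count):
        payload = resolve(f"c{i}.v{version}.{ZONE}")
        if payload is None:
            raise LookupError(f"portion {i} of {count} missing")
        parts.append(base64.b64decode(payload, validate=True))
    pattern = b"".join(parts)
    # The digest arrives over the same DNS path, so it catches truncated or
    # mixed-version portions, not a forged response (assumed field, not in the claims).
    if hashlib.sha256(pattern).hexdigest() != meta["sha256"]:
        raise ValueError("reassembled pattern does not match published digest")
    return version, pattern


if __name__ == "__main__":
    sample = bytes(range(256)) * 2  # constructed 512-byte stand-in for a pattern file
    cache = publish(sample, version=7)  # dict stands in for the public DNS cache
    print(len(cache) - 1, "portions;", fetch_update(cache.get, current_version=6)[0])
```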
13 Claims
10. A system comprising a processor for updating malicious code patterns of an antivirus, the system comprising:
- a private DNS server computer operated for a vendor of an antivirus and configured to publish contents of DNS records containing portions of an updated malicious code pattern of the antivirus;
- a public DNS server computer configured to cache DNS results having payloads containing the contents of the DNS records including the updated malicious code pattern of the antivirus; and
- an update client running in a client computer configured to receive DNS results from the public DNS server computer, at least one of the DNS results including information on a number of portions the updated malicious code pattern has been divided into, the update client being configured to extract portions of the updated malicious code pattern from payloads of the DNS results and to use the updated malicious code pattern to update a currently existing malicious code pattern in the client computer.
11. A method of providing malicious code pattern updates, the method comprising:
- generating an updated malicious code pattern of an antivirus;
- dividing the updated malicious code pattern into several chunks;
- including the chunks of the updated malicious code pattern into several DNS records;
- publishing contents of the DNS records from a private DNS server operated for a vendor of the antivirus, at least one of the DNS records containing information on a number of chunks the malicious code pattern has been divided into;
- in a client computer, receiving DNS results from a public DNS server that cached the contents of the DNS records, the DNS results including the contents of the DNS records; and
- updating a current malicious code pattern of an antivirus in the client computer with the updated malicious code pattern extracted from payloads of the DNS results.
Specification