Identifying originators of malware
Abstract
A malware analysis component receives information concerning malware infections on a large plurality of client computers, as detected by an anti-malware product or submitted directly by users. The malware analysis component analyzes this wide array of information, and identifies suspicious malware detection and submission activity associated with specific sources. Where identified suspicious patterns of malware detection and submission activity associated with a specific source meet a given threshold over time, the malware analysis component determines that the source is an originator of malware.
20 Claims
1. A computer implemented method for identifying originators of malware, the method comprising the steps of:
- receiving information concerning malware infections proactively submitted from a plurality of sources, by a computer;
- analyzing information concerning malware infections received from the plurality of sources, by a computer;
- identifying malware infection activity at a developmental stage of its life cycle and that is associated with at least one source from the plurality of sources indicative of malware origination by the at least one source, by a computer; and
- responsive to identifying a given threshold of malware infection activity associated with at the least one source indicative of malware origination, determining that the at least one source is an originator of malware, by a computer.
Dependent claims: 2, 3, 4, 5, 6, 7

8. At least one non-transitory computer readable storage medium containing a computer program product for identifying originators of malware, the computer program product comprising:
- program code configured to receive information concerning malware infections proactively submitted from a plurality of sources;
- program code configured to analyze information concerning malware infections received from the plurality of sources;
- program code configured to identify malware infection activity at a developmental stage of its life cycle and that is associated with at least one source from the plurality of sources indicative of malware origination by the at least one source; and
- program code configured to determine, responsive to identifying a given threshold of malware infection activity associated with at the least one source indicative of malware origination, that the at least one source is an originator of malware.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer system, at least partially implemented in hardware, for identifying originators of malware, the computer system comprising:
- a processor;
- computer memory;
- an interface configured to receive information concerning malware infections proactively submitted from a plurality of sources; and
- a malware analysis component configured to analyze information concerning malware infections received from the plurality of sources, to identify malware infection activity at a developmental stage of its life cycle and that is associated with at least one source from the plurality of sources indicative of malware origination by the at least one source, and to determine, responsive to identifying a given threshold of malware infection activity associated with the at least one source indicative of malware origination, that the at least one source is an originator of malware.
Dependent claims: 16, 17, 18, 19, 20
Specification