Systems and methods for detecting data-stealing malware
Abstract
A computer-implemented method for detecting data-stealing malware may include: 1) detecting an attempt by an untrusted application to access a storage location that is known to be used by a legitimate application when storing potentially sensitive information, 2) determining that the legitimate application is not installed on the computing device, 3) determining that the untrusted application represents a potential security risk, and then 4) performing a security operation on the untrusted application. Corresponding systems and computer-readable instructions embodied on computer-readable media are also disclosed.
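The first two steps of the method, using the registry-key test the claims specify, can be sketched as follows. This is an added example, not code from the patent: the watched path, the application name, the registry key and the `key_exists` callback are constructed placeholders (on Windows the callback could wrap `winreg.OpenKey`), and the trust decision is supplied as a flag on the event.

```python
import ntpath
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class WatchedLocation:
    path: str          # storage location the legitimate application uses
    app: str           # the legitimate application
    registry_key: str  # key known to be associated with that application

@dataclass(frozen=True)
class AccessEvent:
    process: str
    trusted: bool
    path: str

# Constructed placeholders, not real product paths or registry keys.
WATCHED = (
    WatchedLocation(r"C:\Users\alice\AppData\Roaming\ExampleFTP",
                    "ExampleFTP", r"HKLM\SOFTWARE\ExampleFTP"),
)

def _norm(p: str) -> str:
    # Windows path semantics on any OS: collapse "..", unify slashes, fold case.
    return ntpath.normcase(ntpath.normpath(p))

def _inside(path: str, root: str) -> bool:
    # True only for the root itself or entries below it; a sibling directory
    # that merely shares the prefix (ExampleFTP2) does not match.
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root + "\\")

def check_access(event: AccessEvent, key_exists: Callable[[str], bool],
                 watched=WATCHED) -> Optional[str]:
    """Return the name of the absent application whose storage location was
    touched, or None when the event does not meet the claimed conditions."""
    if event.trusted:
        return None
    for loc in watched:
        if _inside(event.path, loc.path) and not key_exists(loc.registry_key):
            return loc.app  # caller treats the process as a potential risk
    return None
```

A non-`None` result is the input to the remaining two steps: the caller decides that the process is a potential security risk and performs its security operation on it.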
17 Claims
1. A computer-implemented method for detecting data-stealing malware, the method comprising:
- detecting an attempt by an untrusted application to access a storage location on a computing device that is known to be used by a legitimate application when storing potentially sensitive information;
- determining that the legitimate application is not installed on the computing device by determining that a registry key known to be associated with the legitimate application is not present on the computing device;
- determining that the untrusted application represents a potential security risk;
- performing a security operation on the untrusted application to protect the computing device from the untrusted application;
- wherein the method is performed by at least one processor of the computing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system for detecting data-stealing malware, the system comprising:
- a monitoring module programmed to detect an attempt by an untrusted application to access a storage location on a computing device that is known to be used by a legitimate application when storing potentially sensitive information;
- an identification module programmed to determine that the legitimate application is not installed on the computing device by determining that a registry key known to be associated with the legitimate application is not present on the computing device;
- a security module programmed to:
  - determine that the untrusted application represents a potential security risk;
  - perform a security operation on the untrusted application to protect the computing device from the untrusted application;
- a processor of the computing device for executing the monitoring module, the identification module, and the security module.
Dependent claims: 12, 13, 14, 15, 16.
17. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- detect an attempt by an untrusted application to access a storage location that is known to be used by a legitimate application when storing potentially sensitive information;
- determine that the legitimate application is not installed on the computing device by determining that a registry key known to be associated with the legitimate application is not present on the computing device;
- determine that the untrusted application represents a potential security risk;
- perform a security operation on the untrusted application to protect the computing device from the untrusted application.
Specification