Programmatic communication in the event of host malware infection
First Claim
Patent Images
1. A computer-implemented method of advertising presence of communications-blocking malware, comprising:
- receiving, at a client, beacon name-generation parameters;
generating a beacon name based at least in part on the received parameters, the beacon name representing a network location;
storing the beacon name;
monitoring access to network communications available to the client;
detecting, responsive to the monitoring, an inability of the client to access a predetermined network address of a security server while still being able to access other network addresses; and
responsive to the detecting, sending a beacon message to the network location represented by the beacon name, the beacon message describing a security state of the client.
2 Assignments
0 Petitions
Accused Products
Abstract
A distress signal sender and a distress signal receiver receive beacon-name generation parameters and generate a beacon name based at least in part on the received parameters, the beacon name representing a network location. Responsive to detecting an unexpected lack of access to network communications, the distress signal sender sends a beacon message to the generated beacon name, the beacon message describing a security state of the client. The distress signal receiver detects the beacon message sent by the distress signal sender, and responsive to receiving the beacon message, performs a remedial action.
96 Citations
17 Claims
-
1. A computer-implemented method of advertising presence of communications-blocking malware, comprising:
-
receiving, at a client, beacon name-generation parameters; generating a beacon name based at least in part on the received parameters, the beacon name representing a network location; storing the beacon name; monitoring access to network communications available to the client; detecting, responsive to the monitoring, an inability of the client to access a predetermined network address of a security server while still being able to access other network addresses; and responsive to the detecting, sending a beacon message to the network location represented by the beacon name, the beacon message describing a security state of the client. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory computer-readable storage medium storing a computer program executable by a processor for responding to a client indication of malware infection, actions of the computer program comprising:
-
receiving beacon name-generation parameters; generating a beacon name based at least in part on the received parameters, the beacon name representing a network location; detecting a beacon message sent by a client device responsive to the client device determining that the client device is unable to access a predetermined network address of a security server but is able to access network addresses other than the address of the security server, the beacon message addressed to the network location represented by the beacon name and describing a security state of the client device; and responsive to receiving the beacon message, performing a remedial action. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A computer-implemented device for responding to a client indication of malware infection, comprising:
-
a computer processor; a beacon name information repository; a distress signal receiver module that when executed by the computer processor performs actions comprising; receiving beacon name-generation parameters; generating a beacon name based at least in part on the received parameters, the beacon name representing a network location; storing the received parameters and the generated beacon name in the beacon name information repository; detecting a beacon message sent by a client device responsive to the client device determining that the client device is unable to access a predetermined network address of a security server but is able to access network addresses other than the address of the security server, the beacon message addressed to the network location represented by the beacon name and describing a security state of the client device; and responsive to receiving the beacon message, performing a remedial action. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification