Protection against malware on web resources

US 8,370,939 B2
Filed: 10/18/2010
Issued: 02/05/2013
Est. Priority Date: 07/23/2010
Status: Active Grant

First Claim

Patent Images

1. A system for scheduled malware scanning of web resources, the system comprising:

at least one web resource having downloadable web content;

a client computer in communication with the web resource over data transfer protocols;

a client authentication application running on the web resource, wherein the client authentication application authenticates the client computer to the web resource;

a check list module on the client;

an identifier interception module on the client computer;

a scan parameters database accessible by the check list module and by the identifier interception module;

a scan module on the client for scanning the web resource; and

a web pages database connected to the scan module,wherein;

the check list module generates a check list of parameters for scanning the web resource and stores them in the scan parameters database;

the identifier interception module keeps track of user identifications on the web resource and provides identifiers to the scan parameters database;

the scan module reads scan parameters from the scan parameters database, authenticates itself to the web resource using the user identifications, and scans the web resource based on the scan parameters; and

the scan module stores results of a scan into the web page database.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources allows to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications.

Citations

20 Claims

1. A system for scheduled malware scanning of web resources, the system comprising:
- at least one web resource having downloadable web content;
  
  a client computer in communication with the web resource over data transfer protocols;
  
  a client authentication application running on the web resource, wherein the client authentication application authenticates the client computer to the web resource;
  
  a check list module on the client;
  
  an identifier interception module on the client computer;
  
  a scan parameters database accessible by the check list module and by the identifier interception module;
  
  a scan module on the client for scanning the web resource; and
  
  a web pages database connected to the scan module,wherein;
  
  the check list module generates a check list of parameters for scanning the web resource and stores them in the scan parameters database;
  
  the identifier interception module keeps track of user identifications on the web resource and provides identifiers to the scan parameters database;
  
  the scan module reads scan parameters from the scan parameters database, authenticates itself to the web resource using the user identifications, and scans the web resource based on the scan parameters; and
  
  the scan module stores results of a scan into the web page database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein a remote server is used instead of the client computer.
  - 3. The system of claim 1, wherein the identifiers are used for direct authentication of the scan module to the web resource.
  - 4. The system of claim 1, wherein the scan parameters include a scan depth.
  - 5. The system of claim 1, wherein the scan parameters include a scan frequency.
  - 6. The system of claim 1, wherein the check list includes addresses of web resources to be scanned.
  - 7. The system of claim 6, wherein the list of the resources is created based on user visits and times of visits to the web resources.
  - 8. The system of claim 1, wherein the scan module uses a file anti-virus.
  - 9. The system of claim 1, wherein the scan module uses a web anti-virus.
  - 10. The system of claim 1, wherein the scan module uses heuristic methods of malware detection.
  - 11. The system of claim 1, wherein the scan module uses signature-based methods of malware detection.
  - 12. The system of claim 1, wherein the system informs the user of malware detected on a web resource.
  - 13. The system of claim 1, wherein the system provides parameters related to detection of malware on the web resource to a defense module for blocking this resource.
  - 14. The system of claim 1, wherein the system emulates connection of different browsers for browser independent presentation of data downloaded from the web resource.

15. A method for scheduled malware scanning of web resources, the method comprising:
- establishing connection to a web resource having downloadable web content;
  
  launching a client authentication application on the web resource;
  
  generating a check list of web addresses visited by a user;
  
  intercepting and recording user identifiers;
  
  storing a list of web addresses and the identifiers into a scan parameters database;
  
  reading scan parameters from the scan parameters database and authenticating the client to the web resource;
  
  scanning the web resource, using scan parameters; and
  
  storing results of a scan, wherein the scanning employs a combination of a file anti-virus and a web ant-virus.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the scanning uses heuristic methods of malware detection.
  - 17. The method of claim 15, wherein the scan uses signature-based methods of malware detection.
  - 18. The method of claim 15, wherein the scan parameters include a scan depth.
  - 19. The method of claim 15, wherein the scan parameters include a scan frequency.
  - 20. A computer program product comprising a non-transitory computer useable storage medium storing computer code for implementing the steps of claim 15.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Kaspersky Lab ZAO
Inventors
DENISOV, VITALY I., Zaitsev, Oleg V.
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US12/906,183
Publication Number

US 20120023579A1
Time in Patent Office

841 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

Protection against malware on web resources

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protection against malware on web resources

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links