Method and system for minimizing the effects of rogue security software
Abstract
A method and apparatus for minimizing the effects of rogue security software leverages the fact that virtually all rogue security software generates malware alerts to scare the user/victim into submitting their payment information, and the fact that the malware alerts generated by rogue security software are almost never changed. In one example, a user computing system is monitored/scanned for any alerts being presented to the user. Once an alert is detected, the alert content is sampled and analyzed for defined keywords that indicate the alert is a malware alert and any alert including the defined keywords is considered a malware alert and is treated as being potentially generated by rogue security software. All malware alerts are therefore subjected to an initial malware alert analysis before the user is allowed to see, and/or respond, at least without a warning, to the malware alert. If it is determined that the malware alert is suspicious for any reason, then the malware alert is determined to be potentially generated by rogue security software and the user is prevented from seeing, and/or responding to, at least without a warning, the malware alert until a more definitive analysis can be performed.
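The triage flow in the abstract, sketched as an added example (not code from the patent or its assignee). The keyword list, the Windows-path regex, the names `triage_alert` and `Verdict`, and the choice to release an alert when no named file is missing are assumptions made for illustration; the sample alert text is constructed.

```python
import os
import re
from dataclasses import dataclass, field
from enum import Enum

class Status(Enum):
    ALERT = "alert"
    MALWARE_ALERT = "malware alert"
    POTENTIAL_ROGUE = "malware alert potentially associated with rogue security software"

# Constructed keyword list; the page only says "defined keywords".
KEYWORDS = ("virus", "trojan", "infected", "malware", "spyware")
# Assumed syntax: Windows drive paths that end in a file extension.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\s]+\.\w{2,4}')

@dataclass
class Verdict:
    status: Status
    held: bool                      # True = alert is withheld from the user
    missing: list = field(default_factory=list)

def triage_alert(text, file_exists=os.path.exists):
    """Walk one alert through the status transitions described above."""
    lowered = text.lower()
    if not any(k in lowered for k in KEYWORDS):
        return Verdict(Status.ALERT, held=False)     # not a malware alert
    # Malware alert: withheld from the user while the initial analysis runs.
    named = PATH_RE.findall(text)
    missing = [p for p in named if not file_exists(p)]
    if missing:
        # A file the alert reports as malware is not present on the system.
        return Verdict(Status.POTENTIAL_ROGUE, held=True, missing=missing)
    # Assumption: this check alone found nothing suspicious, so release it.
    return Verdict(Status.MALWARE_ALERT, held=False)

if __name__ == "__main__":
    # Constructed sample: one named file exists on the host, one does not.
    on_disk = {r"C:\Users\demo\Downloads\setup.exe"}
    alert = (r"WARNING! Trojan found in C:\Windows\System32\kbd32x.dll "
             r"and C:\Users\demo\Downloads\setup.exe. Click to remove.")
    verdict = triage_alert(alert, file_exists=lambda p: p in on_disk)
    print(verdict.status.value, verdict.held, verdict.missing)
```

Passing `file_exists` as a parameter lets the same logic run against a live filesystem or against a recorded file inventory.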
20 Claims
1. A computing system implemented process for minimizing the effects of rogue security software comprising:
- providing a security system to monitor a given user computing system to detect any alerts generated regarding the given user computing system, the security system being implemented, at least in part, on one or more computing systems;
- detecting a given alert regarding the given user computing system through the security system;
- analyzing the given alert regarding the given user computing system using one or more processors associated with the one or more computing systems and determining that the given alert is a malware alert, wherein a malware alert is an alert that is generated to alert a user of the user computing system of one or more malware files the alert indicates are present within the user computing system;
- transforming data indicating a status of the given alert regarding the given user computing system to data indicating a status of malware alert using one or more processors associated with the one or more computing systems;
- taking one or more actions to protect a user of the given user computing system from responding to the given malware alert while an initial malware alert analysis of the given malware alert is performed;
- performing the initial malware alert analysis of the given malware alert using one or more processors associated with the one or more computing systems and determining that the malware alert is associated with rogue security software, wherein determining that the malware alert is associated with rogue security software comprises determining that at least one of the files indicated by the alert is not present within the system;
- transforming data indicating a status of the given malware alert to data indicating a status of malware alert potentially associated with rogue security software using one or more processors associated with the one or more computing systems; and
- taking one or more actions to protect a user of the given user computing system from responding to the given malware alert at least until further analysis of the given malware alert is performed.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for minimizing the effects of rogue security software comprising:
- a given user computing system;
- a security system associated with the given user computing system;
- a security system provider computing system;
- one or more processors associated with the security system provider computing system, the one or more processors associated with the security system provider computing system executing at least part of a computing system implemented process for minimizing the effects of rogue security software, the computing system implemented process for minimizing the effects of rogue security software comprising;
- monitoring the given user computing system using the security system to detect any alerts generated regarding the given user computing system, the security system being implemented, at least in part, by the security system provider computing system;
- detecting a given alert regarding the given user computing system through the security system;
- analyzing the given alert regarding the given user computing system using the one or more processors associated with the security system provider computing system and determining that the given alert is a malware alert, wherein a malware alert is an alert that is generated to alert a user of the user computing system of one or more malware files the alert indicates are present within the user computing system;
- transforming data indicating a status of the given alert regarding the given user computing system to data indicating a status of malware alert using the one or more processors associated with the security system provider computing system;
- taking one or more actions to protect a user of the given user computing system from responding to the given malware alert while an initial malware alert analysis of the given malware alert is performed;
- performing the initial malware alert analysis of the given malware alert using the one or more processors associated with the security system provider computing system and determining that the malware alert is associated with rogue security software, wherein determining that the malware alert is associated with rogue security software comprises determining that at least one of the files indicated by the alert is not present within the system;
- transforming data indicating a status of the given malware alert to data indicating a status of malware alert potentially associated with rogue security software using the one or more processors associated with the security system provider computing system; and
- taking one or more actions to protect a user of the given user computing system from responding to the given malware alert at least until further analysis of the given malware alert is performed.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for minimizing the effects of rogue security software comprising:
- a given user computing system;
- a security system associated with the given user computing system;
- one or more processors associated with the given user computing system, the one or more processors associated with the given user computing system executing at least part of a computing system implemented process for minimizing the effects of rogue security software, the computing system implemented process for minimizing the effects of rogue security software comprising;
- monitoring the given user computing system using the security system to detect any alerts generated regarding the given user computing system, the security system being implemented, at least in part, by the given user computing system;
- detecting a given alert regarding the given user computing system through the security system;
- analyzing the given alert regarding the given user computing system using the one or more processors associated with the given user computing system and determining that the given alert is a malware alert, wherein a malware alert is an alert that is generated to alert a user of the user computing system of one or more malware files the alert indicates are present within the user computing system;
- transforming data indicating a status of the given alert regarding the given user computing system to data indicating a status of malware alert using the one or more processors associated with the given user computing system;
- taking one or more actions to protect a user of the given user computing system from responding to the given malware alert while an initial malware alert analysis of the given malware alert is performed;
- performing the initial malware alert analysis of the given malware alert using the one or more processors associated with the given user computing system and determining that the malware alert is associated with rogue security software, wherein determining that the malware alert is associated with rogue security software comprises determining that at least one of the files indicated by the alert is not present within the system;
- transforming data indicating a status of the given malware alert to data indicating a status of malware alert potentially associated with rogue security software using the one or more processors associated with the given user computing system; and
- taking one or more actions to protect a user of the given user computing system from responding to the given malware alert at least until further analysis of the given malware alert is performed.

Dependent claims: 16, 17, 18, 19, 20
Specification