Efficient distribution of a malware countermeasure

US 8,539,581 B2
Filed: 07/14/2006
Issued: 09/17/2013
Est. Priority Date: 04/27/2006
Status: Active Grant

First Claim

Patent Images

1. A network device comprising:

a network probe circuit for collecting information from at least one node of a plurality of networked nodes;

a network analyzer circuit for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;

a decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes; and

a distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments include a system, an apparatus, a device, computer-program product, and a method. An embodiment provides a network device. The network device includes an information store operable to save a countermeasure useable in at least substantially reducing a harm caused by a malware (hereafter the “malware countermeasure”). The network device also includes a transmission circuit for sending a packet to at least one node of a plurality of networked nodes. The network device further includes a protection circuit for implementing the malware countermeasure in the network device.

70 Citations

View as Search Results

47 Claims

1. A network device comprising:
- a network probe circuit for collecting information from at least one node of a plurality of networked nodes;
  
  a network analyzer circuit for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
  
  a decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes; and
  
  a distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The network device of claim 1, wherein the decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - decision circuitry for determining from the information collected existence of at least one instruction to distribute at least one malware countermeasure.
  - 3. The network device of claim 1, wherein the decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - decision circuitry for determining from the information collected at least one indicium of at least some malware operating on the at least one node of the plurality of networked nodes.
  - 4. The network device of claim 1, wherein the decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - decision circuitry for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes and for selecting at least one distribution schema.
  - 5. The network device of claim 1, wherein the decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - decision circuitry for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes and for selecting at least one malware countermeasure from at least two malware countermeasures.
  - 6. The network device of claim 1, wherein the decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - distribution circuitry for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 7. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on the at least one hit list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 8. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes having a high bandwidth capacity relative to at least one other node of the plurality of networked nodes.
  - 9. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one listening generated list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 10. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly using at least one quick division list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 11. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one received list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 12. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one locally-generated list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 13. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one list selected from two or more lists and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 14. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one node assessment list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 15. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one distribution schema and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 16. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one scanning generated list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 17. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, at least partly based on at least one node selection strategy and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 18. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes at one or more first times and to at least one other node set of the plurality of networked nodes at one or more other times.
  - 19. The network device of claim 1, wherein the malware countermeasure includes an antivirus patch, a patch, a defense, a quarantine of at least one node of the plurality of networked nodes, a quarantine of at least one sub-network of the plurality of networked nodes, a containment measure, a blocking of a port of a host at a node of the plurality of networked nodes, and/or a transmitting a notification receivable by a device associatable with a human.
  - 20. The network device of claim 1, further comprising:
    - at least one dedicated transmission circuit for receiving and forwarding only the malware countermeasure to the at least one node of the plurality of networked nodes.
  - 21. The network device of claim 1, wherein the network analyzer circuit for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes comprises:
    - a network analyzer circuit for at least one of learning, mapping, scanning, protocol analyzing, or probing at least two respective nodes of the plurality of networked nodes.
  - 22. The network device of claim 1, wherein the network analyzer circuit for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes comprises:
    - a network analyzer circuit for monitoring at least two nodes of the plurality of networked nodes for an indicium of an activity at each respective node.
  - 23. The network device of claim 1, wherein the network analyzer circuit for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes comprises:
    - a network analyzer circuit for monitoring at least two nodes of the plurality of networked nodes and for generating a node hit list based upon the monitoring.
  - 24. The network device of claim 1, further comprising:
    - a network scanning circuit for testing, the testing including one or more of testing at least two network addresses, or testing a port of a node of the plurality of networked nodes.
  - 25. The network device of claim 1, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for determining for inclusion on the at least one hit list at least one networked node at a strategic point on at least one generated topological map.
  - 26. The network device of claim 25, wherein the distribution circuitry for determining for inclusion on the at least one hit list at least one networked node at a strategic point on at least one generated topological map comprises:
    - distribution circuitry for determining for at least one strategic networked node on at least one generated topological map, the at least one strategic networked node having only uninfected networked nodes beyond the at least one strategic networked node.
  - 27. The network device of claim 1, wherein the decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - decision circuitry for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, identifying at least one program affected by the at least some malware, and identifying at least one other node of the plurality of networked nodes associated with the at least one program.
  - 28. The network device of claim 27, wherein the distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - distribution circuitry for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node and the at least one other node of the plurality of networked nodes.
  - 29. The network device of claim 28, wherein the distribution circuitry for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node and the at least one other node of the plurality of network nodes comprises:
    - distribution circuitry for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure (i) at a first time to the at least one node and the at least one other node of the plurality of networked nodes and (ii) at a second time following the first time to at least one additional node other than the at least one node and the at least one other node.

30. A method implemented in a computing device comprising:
- collecting information from at least one node of a plurality of networked nodes;
  
  monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
  
  determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes;
  
  andcommunicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map,wherein at least one of the collecting, monitoring, determining or communicating is at least partially performed by at least one processing device.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 31. The method of claim 30, wherein determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - determining from the information collected existence of at least one instruction to distribute at least one malware countermeasure.
  - 32. The method of claim 30, wherein determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - determining from the information collected at least one indicium of at least some malware operating on the at least one node of the plurality of networked nodes.
  - 33. The method of claim 30, wherein communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - communicating, at least partly based on the at least one hit list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 34. The method of claim 30, wherein communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes having a high bandwidth capacity relative to at least one other node of the plurality of networked nodes.
  - 35. The method of claim 30, wherein communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - communicating, at least partly based on at least one listening generated list and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 36. The method of claim 30, wherein communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - communicating, at least partly based on at least one node selection strategy and in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 37. The method of claim 30, wherein communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes at one or more first times and to at least one other node set of the plurality of networked nodes at one or more other times.
  - 38. The method of claim 30, wherein communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map comprises:
    - communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to at least one node set of the plurality of networked nodes.
  - 39. The method of claim 30, wherein determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes comprises:
    - determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes and selecting at least one malware countermeasure from at least two malware countermeasures.
  - 40. The method of claim 30, further comprising:
    - transmitting, via at least one transmission circuit dedicated to receiving and forwarding only malware countermeasures, the at least one malware countermeasure to the at least one node of the plurality of networked nodes.
  - 41. The method of claim 30, wherein collecting information from at least one node of a plurality of networked nodes comprises:
    - testing at least one port of at least one node of a plurality of networked nodes.

42. A network device comprising:
- means for collecting information from at least one node of a plurality of networked nodes;
  
  means for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
  
  means for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes;
  
  andmeans for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map.
- View Dependent Claims (43, 44)
- - 43. The network device of claim 42, further comprising:
    - means for transmitting, via transmission means dedicated to receiving and forwarding only malware countermeasures, the at least one malware countermeasure to the at least one node of the plurality of networked nodes.
  - 44. The network device of claim 42, further comprising:
    - means for testing, the testing including one or more of testing at least two network addresses, or testing a port of a node of the plurality of networked nodes.

45. A computer-program storage product comprising:
- (a) program instructions operable to perform a process in a computing device, the process comprising;
  
  collecting information from at least one node of a plurality of networked nodes;
  
  monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
  
  determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes;
  
  andcommunicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map; and
  
  (b) one or more non-transitory computer-readable storage media bearing the program instructions.
- View Dependent Claims (46, 47)
- - 46. The computer-program storage product of claim 45, wherein the process further comprises:
    - transmitting, via at least one transmission circuit dedicated to receiving and forwarding only malware countermeasures, the at least one malware countermeasure to the at least one node of the plurality of networked nodes.
  - 47. The computer-program storage product of claim 45, wherein the process further comprises:
    - testing at least one port of at least one node of a plurality of networked nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Invention Science Fund I, L.L.C. (Intellectual Ventures LLC)
Original Assignee
The Invention Science Fund I, L.L.C. (Intellectual Ventures LLC)
Inventors
Levien, Royce A., Lord, Robert W., Malamud, Mark A., Mangione-Smith, William Henry, Jung, Edward K. Y.
Primary Examiner(s)
Lipman, Jacob

Application Number

US11/486,975
Publication Number

US 20070255723A1
Time in Patent Office

2,622 Days
Field of Search

726 22- 24
US Class Current

726/24
CPC Class Codes

H04L 63/1408 by monitoring network traff...

Efficient distribution of a malware countermeasure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient distribution of a malware countermeasure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links