Protection against malware on web resources utilizing scripts for content scanning

US 8,595,803 B2
Filed: 02/04/2013
Issued: 11/26/2013
Est. Priority Date: 07/23/2010
Status: Active Grant

First Claim

Patent Images

1. A system for malware scanning of web resources, the system comprising:

a client computer in communication with a web resource having downloadable web content;

a client authentication application running on the web resource for authenticating the client computer to the web resource;

an identifier interception module on the client computer;

a scan parameters database; and

a scan module on the client for scanning the web resource,wherein;

the scan parameters database stores a list of parameters for scanning the web resource;

the identifier interception module keeps track of a user identification for the web resource and stores them in the scan parameters database; and

the scan module reads the parameters and the user identification from the scan parameters database, authenticates itself to the web resource, and scans the web resource based on the scan parameters.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources allows to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications.

7 Citations

View as Search Results

27 Claims

1. A system for malware scanning of web resources, the system comprising:
- a client computer in communication with a web resource having downloadable web content;
  
  a client authentication application running on the web resource for authenticating the client computer to the web resource;
  
  an identifier interception module on the client computer;
  
  a scan parameters database; and
  
  a scan module on the client for scanning the web resource,wherein;
  
  the scan parameters database stores a list of parameters for scanning the web resource;
  
  the identifier interception module keeps track of a user identification for the web resource and stores them in the scan parameters database; and
  
  the scan module reads the parameters and the user identification from the scan parameters database, authenticates itself to the web resource, and scans the web resource based on the scan parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The system of claim 1, wherein the web resource includes a plugin for transmitting the web content to the client.
  - 3. The system of claim 2, wherein the plugin transmits server-side scripts relating to the content to the client.
  - 4. The system of claim 2, wherein the plugin interfaces to a Content Management System (CMS) on the server through an API of the CMS.
  - 5. The system of claim 1, wherein the plugin removes passwords from the content prior to transmitting it to the client.
  - 6. The system of claim 1, wherein a remote server is used instead of the client computer.
  - 7. The system of claim 1, wherein the identifiers are used for direct authentication of the scan module to the web resource.
  - 8. The system of claim 1, wherein the scan parameters include a scan depth.
  - 9. The system of claim 1, wherein the scan parameters include a scan frequency.
  - 10. The system of claim 1, wherein the check list includes addresses of web resources to be scanned.
  - 11. The system of claim 10, wherein the list of the resources is created based on user visits and times of visits to the web resources.
  - 12. The system of claim 1, wherein the scan module uses a file anti-virus.
  - 13. The system of claim 1, wherein the scan module uses a web anti-virus.
  - 14. The system of claim 1, wherein the scan module uses heuristic methods of malware detection.
  - 15. The system of claim 1, wherein the scan module uses signature-based methods of malware detection.
  - 16. The system of claim 1, wherein the system informs the user of malware detected on a web resource.
  - 17. The system of claim 1, wherein the system provides parameters related to detection of malware on the web resource to a defense module for blocking this resource.
  - 18. The system of claim 1, wherein the system emulates connection of different browsers for browser independent presentation of data downloaded from the web resource.
  - 19. A computer program product comprising a non-transitory computer useable storage medium storing computer code for implementing the steps of claim 18.
  - 20. The system of claim 1, wherein multiple web resources are scanned using multiple scanning nodes.
  - 21. The system of claim 20, wherein different nodes have different channel capacities between the nodes and the web resources.
  - 22. The system of claim 20, wherein some nodes scan multiple web resources while other nodes scan only one web resource.
  - 23. The system of claim 20, wherein load is distributed between the nodes based on channel capacity, channel utilization, server performance, and current server load.
  - 24. The system of claim 20, wherein the scanning includes Content Management System database scan.

25. A method for malware scanning of web resources, the method comprising:
- connecting a client computer to a web resource having downloadable web content;
  
  authenticating the client computer to the web resource; and
  
  a scan module on the client for scanning the web resource,storing a list of parameters for scanning the web resource in a scan parameters database;
  
  keeping track of a user identification for the web resource and storing them in a scan parameters database; and
  
  the parameters and the user identification from the scan parameters database, authenticating to the web resource, and scanning the web resource based on the scan parameters.
- View Dependent Claims (26, 27)
- - 26. The method of claim 25, wherein the scan parameters include a scan depth.
  - 27. The method of claim 25, wherein the scan parameters include a scan frequency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Kaspersky Lab ZAO
Inventors
Zaitsev, Oleg V.
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US13/757,915
Publication Number

US 20130145437A1
Time in Patent Office

295 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

Protection against malware on web resources utilizing scripts for content scanning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Protection against malware on web resources utilizing scripts for content scanning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links