Detection of fake antivirus in computers
First Claim
1. A method of preventing reception of fake antivirus in a computer, the method comprising:
- determining a reputation of a website;
classifying text content of a web page of the website in response to finding that the website has an unknown reputation;
finding that the website belongs to an antivirus category based on classification of the text content of the web page of the website; and
in response to finding that the website belongs to the antivirus category, determining that the website belongs to a legitimate antivirus vendor before allowing download of a file from the website to the computer.
1 Assignment
0 Petitions
Accused Products
Abstract
Detection of fake antivirus includes classifying text content of a user interface of an application program and scanning files associated with the application program for suspicious code. The user interface may be a graphical user interface (GUI) window of the application program. The text content may be obtained from a painted portion of the GUI window and by intercepting text changing operations performed on the GUI window. The text content may be input to a learning model to determine whether or not the application program belongs to the antivirus category. The application program is deemed to be fake antivirus when the application program is classified as belonging to the antivirus category and has a file with suspicious code.
75 Citations
4 Claims
-
1. A method of preventing reception of fake antivirus in a computer, the method comprising:
-
determining a reputation of a website; classifying text content of a web page of the website in response to finding that the website has an unknown reputation; finding that the website belongs to an antivirus category based on classification of the text content of the web page of the website; and in response to finding that the website belongs to the antivirus category, determining that the website belongs to a legitimate antivirus vendor before allowing download of a file from the website to the computer. - View Dependent Claims (2, 3, 4)
-
Specification