Detection of fake antivirus in computers

US 8,700,913 B1
Filed: 09/23/2011
Issued: 04/15/2014
Est. Priority Date: 09/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method of preventing reception of fake antivirus in a computer, the method comprising:

determining a reputation of a website;

classifying text content of a web page of the website in response to finding that the website has an unknown reputation;

finding that the website belongs to an antivirus category based on classification of the text content of the web page of the website; and

in response to finding that the website belongs to the antivirus category, determining that the website belongs to a legitimate antivirus vendor before allowing download of a file from the website to the computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Detection of fake antivirus includes classifying text content of a user interface of an application program and scanning files associated with the application program for suspicious code. The user interface may be a graphical user interface (GUI) window of the application program. The text content may be obtained from a painted portion of the GUI window and by intercepting text changing operations performed on the GUI window. The text content may be input to a learning model to determine whether or not the application program belongs to the antivirus category. The application program is deemed to be fake antivirus when the application program is classified as belonging to the antivirus category and has a file with suspicious code.

75 Citations

View as Search Results

4 Claims

1. A method of preventing reception of fake antivirus in a computer, the method comprising:
- determining a reputation of a website;
  
  classifying text content of a web page of the website in response to finding that the website has an unknown reputation;
  
  finding that the website belongs to an antivirus category based on classification of the text content of the web page of the website; and
  
  in response to finding that the website belongs to the antivirus category, determining that the website belongs to a legitimate antivirus vendor before allowing download of a file from the website to the computer.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the reputation of the website is determined by consulting a remote web reputation service.
  - 3. The method of claim 1 wherein the reputation of the website is determined based on its uniform resource locator (URL).
  - 4. The method of claim 3 wherein the computer sends the URL to a remotely located web reputation service to determine the reputation of the website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Chang, Chia-Chi, Yen, Sheng-Chuan, Yeh, Che-Fu
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US13/243,498
Time in Patent Office

935 Days
Field of Search

726/3, 726/24, 726/25, 713/188
US Class Current

713/188
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/563   by source code analysis

G06F 21/564   by virus signature recognition

G06F 21/565   by checking file integrity

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Detection of fake antivirus in computers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of fake antivirus in computers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links