Systems and methods for blocking and removing internet-traversing malware
First Claim
Patent Images
1. A computer-implemented method for blocking and removing Internet-traversing malware, the method comprising:
- identifying, at a computing device of a user that comprises at least one processor, a cookie file that was created by a web browser installed on the computing device and that contains session information that is used to access an account of the user;
identifying, at the computing device, an attempt by the web browser executing on the computing device to access the cookie file;
determining that the web browser is attempting to access the cookie file on behalf of an executable object;
determining, at the computing device, that the executable object is not authorized to access the cookie file by;
generating a score based at least in part on at least one of;
multiple characteristics of the executable object that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized;
multiple characteristics of the web browser'"'"'s attempt to access the cookie file that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized;
determining that the score exceeds a predetermined threshold; and
in response to determining that the executable object is not authorized to access the cookie file, blocking the attempt by the web browser to access the cookie file.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for blocking and removing Internet-traversing malware may include: 1) identifying a persistent storage object of an Internet client application, 2) identifying an attempt by an executable object to access the persistent storage object, 3) determining that the executable object is not authorized to access the persistent storage object, and then 4) performing a security action based on the determination. Various other methods, systems, and computer-readable media are also disclosed.
51 Citations
17 Claims
-
1. A computer-implemented method for blocking and removing Internet-traversing malware, the method comprising:
-
identifying, at a computing device of a user that comprises at least one processor, a cookie file that was created by a web browser installed on the computing device and that contains session information that is used to access an account of the user; identifying, at the computing device, an attempt by the web browser executing on the computing device to access the cookie file; determining that the web browser is attempting to access the cookie file on behalf of an executable object; determining, at the computing device, that the executable object is not authorized to access the cookie file by; generating a score based at least in part on at least one of; multiple characteristics of the executable object that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized; multiple characteristics of the web browser'"'"'s attempt to access the cookie file that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized; determining that the score exceeds a predetermined threshold; and in response to determining that the executable object is not authorized to access the cookie file, blocking the attempt by the web browser to access the cookie file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for blocking and removing Internet-traversing malware, the system comprising:
at least one hardware processor programmed to; identify a cookie file that was created by a web browser installed on the system and that contains session information that is used to access an account of a user; identify an attempt by the web browser executing on the system to access the cookie file; determine that the web browser is attempting to access the cookie file on behalf of an executable object; determine that the executable object is not authorized to access the cookie file by; generating a score based at least in part on at least one of; multiple characteristics of the executable object that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized; multiple characteristics of the web browser'"'"'s attempt to access the cookie file that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized; determining that the score exceeds a predetermined threshold; and in response to determining that the executable object is not authorized to access the cookie file, block the attempt by the web browser to access the cookie file. - View Dependent Claims (12, 13, 14, 15, 16)
-
17. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify a cookie file that was created by a web browser installed on the computing device and that contains session information that is used to access an account of a user; identify an attempt by the web browser executing on the computing device to access the cookie file; determine that the web browser is attempting to access the cookie file on behalf of an executable object; determine that the executable object is not authorized to access the cookie file by; generating a score based at least in part on at least one of; multiple characteristics of the executable object that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized; multiple characteristics of the web browser'"'"'s attempt to access the cookie file that indicate that the executable object'"'"'s attempt to access the cookie file is unauthorized; determining that the score exceeds a predetermined threshold; and in response to determining that the executable object is not authorized to access the cookie file, block the attempt by the web browser to access the cookie file.
-
Specification