×

Malicious code infection cause-and-effect analysis

  • US 8,955,135 B2
  • Filed: 02/08/2012
  • Issued: 02/10/2015
  • Est. Priority Date: 12/28/2005
  • Status: Active Grant
First Claim
Patent Images

1. A computer-readable storage device containing computer-executable instructions to control a computing device to analyze effects of a malware infection by a method comprising:

  • receiving post-infection snapshots from a plurality of machines suspected of being infected with malware, the post-infection snapshots identifying monitored activities of machines suspected of being infected with malware subsequent to the machines being suspected of being infected with malware, wherein the monitored activities of a machine relate to accessing of an operating system resource of an operating system executing on the machine;

    comparing the monitored activities of the post-infection snapshot of a first machine to the post-infection snapshots of other machines to identify monitored activities that are common across multiple post-infection snapshots of different machines; and

    tagging as possibly being caused by the malware infection the monitored activities that are common across multiple post-infection snapshots.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×