Systems and methods for discouraging polymorphic malware
First Claim
1. A computer-implemented method for discouraging polymorphic malware, the method comprising:
- receiving a request to register a file in a registration database, the request comprising the file;
prompting a user to select between solving a human-verification test and payment of a specified fee in order to register the file by;
simultaneously displaying both a graphical option for the user to solve the human-verification test and a graphical option for the user to pay the specified fee;
prompting the user to select one of the two simultaneously displayed graphical options in order to register the file;
receiving a selection from the user between solving the human-verification test and payment of the specified fee;
applying a registration tax to the file in accordance with the user'"'"'s selection;
determining based on whether the registration tax for the file has been satisfied in accordance with the user'"'"'s selection, whether to register the file in the registration database;
verifying legitimacy of the file by at least one of;
determining whether a digital signature of the file matches a digital signature of a known malicious file;
determining whether the file contains a malicious payload by executing the file within a virtual computing environment;
determining, based at least in part on whether the file has been registered in the registration database and the verifying legitimacy of the file, whether to add the file to an approved-file database;
adding the file to the approved-file database in accordance with the determining; and
transmitting information to a client device to enable the client device to check whether a digital signature of a candidate file at the client device matches the digital signature of the file added to the approved-file database, the transmitted information comprising at least one of;
an approved-file list based at least in part on the approved-file database;
an indication of whether the digital signature of the candidate file at the client device matches the digital signature of the file added to the approved-file database based on a comparison performed at a server device;
wherein the server device performs the method.
6 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for discouraging polymorphic malware may comprise: 1) receiving a request to register a file in a registration database, 2) applying a registration tax to the file, 3) determining, based on whether the registration tax for the file has been satisfied, whether to register the file in the registration database, and then 4) determining, based at least in part on whether the file has been registered in the registration database, whether to add the file to an approved-file database. A method for determining whether to allow files on a computing device to execute using such an approved-file database is also disclosed. Corresponding systems and computer-readable media are also disclosed.
22 Citations
20 Claims
-
1. A computer-implemented method for discouraging polymorphic malware, the method comprising:
-
receiving a request to register a file in a registration database, the request comprising the file; prompting a user to select between solving a human-verification test and payment of a specified fee in order to register the file by; simultaneously displaying both a graphical option for the user to solve the human-verification test and a graphical option for the user to pay the specified fee; prompting the user to select one of the two simultaneously displayed graphical options in order to register the file; receiving a selection from the user between solving the human-verification test and payment of the specified fee; applying a registration tax to the file in accordance with the user'"'"'s selection; determining based on whether the registration tax for the file has been satisfied in accordance with the user'"'"'s selection, whether to register the file in the registration database; verifying legitimacy of the file by at least one of; determining whether a digital signature of the file matches a digital signature of a known malicious file; determining whether the file contains a malicious payload by executing the file within a virtual computing environment; determining, based at least in part on whether the file has been registered in the registration database and the verifying legitimacy of the file, whether to add the file to an approved-file database; adding the file to the approved-file database in accordance with the determining; and transmitting information to a client device to enable the client device to check whether a digital signature of a candidate file at the client device matches the digital signature of the file added to the approved-file database, the transmitted information comprising at least one of; an approved-file list based at least in part on the approved-file database; an indication of whether the digital signature of the candidate file at the client device matches the digital signature of the file added to the approved-file database based on a comparison performed at a server device; wherein the server device performs the method. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for discouraging polymorphic malware, the system comprising a server device that further comprises:
a server comprising; at least one physical processor; and a memory storing a registration module programmed to perform the following through the at least one physical processor; identify a request to register a file in a registration database, the request comprising the file; prompt a user to select between solving a human-verification test and payment of a specified fee in order to register the file by; simultaneously displaying both a graphical option for the user to solve the human-verification test and a graphical option for the user to pay the specified fee; prompting the user to select one of the two simultaneously displayed graphical options in order to register the file; receive a selection from the user between solving the human verification test and payment of the specified fee; apply a registration tax to the file in accordance with the user'"'"'s selection; determine, based on whether the registration tax for the file has been satisfied in accordance with the user'"'"'s selection, whether to register the file in the registration database; wherein the memory further stores a file-approval module programmed to perform the following through the at least one physical processor; verify legitimacy of the file by at least one of; determining whether a digital signature of the file matches a digital signature of a known malicious file; determining whether the file contains a malicious payload by executing the file within a virtual computing environment; determine, based at least in part on whether the file has been registered in the registration database and the verifying legitimacy of the file, whether to add the file to an approved-file data base; add the file to the approved-file database in accordance with the determining; and transmit information to a client device to enable the client device to check whether a digital signature of a candidate file at the client device matches the digital signature of the file added to the approved-file database, the transmitted information comprising at least one of; an approved-file list based at least in part on the approved-file database; an indication of whether the digital signature of the candidate file at the client device matches the digital signature of the file added to the approved-file database based on a comparison performed at the server device. - View Dependent Claims (12, 13, 14)
-
15. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a server device, cause the server device to:
-
receive a request to register a file in a registration database, the request comprising the file; prompt a user to select between solving a human-verification test and payment of a specified fee in order to register the file by; simultaneously displaying both a graphical option for the user to solve the human-verification test and a graphical option for the user to pay the specified fee; prompting the user to select one of the two simultaneously displayed graphical options in order to register the file; receive a selection from the user between solving the human-verification test and payment of the specified fee; apply a registration tax to the file in accordance with the user'"'"'s selection; determine based on whether the registration tax for the file has been satisfied in accordance with the user'"'"'s selection, whether to register the file in the registration database; verify legitimacy of the file by at least one of; determining whether a digital signature for the file matches a digital signature for a known malicious file; determining whether the file contains a malicious payload by executing the file within a virtual computing environment; determine, based at least in part on whether the file has been registered in the registration database and the verifying legitimacy of the file, whether to add the file to an approved-file database; add the file to the approved-file database in accordance with the determining; and transmit information to a client device to enable the client device to check whether a digital signature of a candidate file at the client device matches the digital signature of the file added to the approved-file database, the transmitted information comprising at least one of; an approved-file list based at least in part on the approved-file database; an indication of whether the digital signature of the candidate file at the client device matches the digital signature of the file added to the approved-file database based on a comparison performed at the server device. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification