Detecting bootkits resident on compromised computers

  • US 9,251,343 B1
  • Filed: 03/15/2013
  • Issued: 02/02/2016
  • Est. Priority Date: 03/15/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method for detecting bootkit resident on a computer, comprising:

  • performing an integrity check of a stored boot record comprising a master boot record, including;

    generating, at a first time, and storing a baseline hash of the master boot record, the baseline hash comprising a baseline signature;

    generating, at a second time, a first additional hash of the master boot record during processing of a content sample within a virtual machine, the second time being subsequent to the first time and the first additional hash comprising a first hash snapshot;

    comparing the baseline hash with the first hash snapshot and storing information indicating that the baseline hash and the first hash snapshot are not the same; and

    based on the stored information, issuing an alert of a resident bootkit.
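The integrity check in the claim can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes SHA-256 as the hash, a classic 512-byte MBR layout, and disk images held as byte strings rather than read from a virtual machine's disk. It goes slightly beyond the claim by also hashing each MBR region, so the stored mismatch record shows which part changed.

```python
import hashlib

SECTOR = 512
# Classic MBR layout (assumption for illustration; the claim only says "hash").
REGIONS = {
    "bootstrap_code": (0, 446),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}

def snapshot_mbr(disk: bytes) -> dict:
    """Hash sector 0 as a whole and per region (SHA-256 is an assumed choice)."""
    mbr = disk[:SECTOR]
    if len(mbr) < SECTOR:
        raise ValueError("image shorter than one sector")
    snap = {"mbr": hashlib.sha256(mbr).hexdigest()}
    for name, (start, end) in REGIONS.items():
        snap[name] = hashlib.sha256(mbr[start:end]).hexdigest()
    return snap

def integrity_check(baseline: dict, snap: dict, store: list) -> bool:
    """Compare baseline with a later snapshot, store any mismatch,
    and decide on the alert from the stored information."""
    if baseline["mbr"] != snap["mbr"]:
        changed = [r for r in REGIONS if baseline[r] != snap[r]]
        store.append({"baseline": baseline["mbr"],
                      "snapshot": snap["mbr"],
                      "changed_regions": changed})
    return bool(store)  # True means: issue a resident-bootkit alert

def constructed_disk(code: bytes) -> bytes:
    """Constructed sample input: a two-sector image with a minimal MBR."""
    mbr = bytearray(SECTOR)
    mbr[0:len(code)] = code          # stand-in bytes for the boot code
    mbr[446] = 0x80                  # first partition entry marked bootable
    mbr[510:512] = b"\x55\xaa"       # boot signature
    return bytes(mbr) + bytes(SECTOR)

if __name__ == "__main__":
    # First time: baseline taken before the content sample is processed.
    baseline = snapshot_mbr(constructed_disk(b"\xfa\x33\xc0"))
    # Second time: snapshot taken while the sample runs in the VM (simulated).
    later = snapshot_mbr(constructed_disk(b"\xeb\x3c\x90"))
    findings = []
    if integrity_check(baseline, later, findings):
        print("ALERT: MBR changed in", findings[0]["changed_regions"])
```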

  • 7 Assignments