Malicious mobile code runtime monitoring system and methods

US 9,444,844 B2
Filed: 01/15/2014
Issued: 09/13/2016
Est. Priority Date: 11/08/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method for protecting a computer from malicious downloadables, comprising:

receiving, by a first computer, an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was attached thereto by a second computer;

extracting the security profile from the received downloadable;

comparing the security profile with a security policy to determine if the downloadable violates the security policy; and

taking an additional action related to execution of the downloadable if the downloadable violates the security policy.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.

Citations

32 Claims

1. A method for protecting a computer from malicious downloadables, comprising:
- receiving, by a first computer, an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was attached thereto by a second computer;
  
  extracting the security profile from the received downloadable;
  
  comparing the security profile with a security policy to determine if the downloadable violates the security policy; and
  
  taking an additional action related to execution of the downloadable if the downloadable violates the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein said receiving comprises receiving from the second computer.
  - 3. The method of claim 1, wherein said receiving comprises receiving from a computer other than the second computer.
  - 4. The method of claim 1, wherein the additional action includes preventing execution of the downloadable by a third computer.
  - 5. The method of claim 4, wherein the third computer is the same computer as the first computer.
  - 6. The method of claim 4, wherein the third computer is a computer other than the first computer.
  - 7. The method of claim 4, wherein the third computer is a mobile computing device.
  - 8. The method of claim 4, wherein the third computer is an intrusion detection/ prevention device.
  - 9. The method of claim 4, wherein the third computer is a desktop computer.
  - 10. The method of claim 4, wherein the third computer is a network switch.
  - 11. The method of claim 4, wherein the third computer is a network firewall.
  - 12. The method of claim 1, wherein the security profile was attached to content of the downloadable, and wherein said extracting extracts the security profile from the downloadable content.
  - 13. The method of claim 1, wherein the security profile was attached to a transport protocol for the downloadable, and wherein said extracting extracts the security profile from the transport protocol.

14. A method for protecting a computer from malicious downloadables, comprising:
- receiving, by a first computer, an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was attached by a second computer;
  
  searching for the security profile within the received downloadable and if a security profile is found,extracting the security profile from the received downloadable;
  
  comparing the security profile with a security policy to determine if the downloadable violates the security policy; and
  
  taking an additional action related to execution of the downloadable if the downloadable violates the security policy.

15. A method for protecting a computer from malicious downloadables, comprising:
- receiving an incoming downloadable;
  
  deriving a security profile for the downloadable, the security profile including a list of suspicious computer operations that may be attempted by the downloadable, wherein deriving comprises inspecting the downloadable by at least one software inspection method; and
  
  attaching the security profile to the downloadable.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein said attaching attaches the security profile to content of the downloadable.
  - 17. The method of claim 15, wherein said attaching attaches the security profile to a transport protocol for the downloadable.
  - 18. The method of claim 15, wherein the at least one software inspection method includes a signature-based inspection method.
  - 19. The method of claim 15, wherein the at least one software inspection method includes a behavior-based inspection method.
  - 20. The method of claim 15, wherein the at least one software inspection method includes a URL-based inspection method.

21. A system for protecting a computer from malicious downloadables, comprising a first computer comprising:
- a receiver for receiving an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was appended by a second computer;
  
  a profile extractor for extracting the security profile from the received downloadable;
  
  a comparator for comparing the security profile with a security policy, to determine if the downloadable violates the security policy; and
  
  a prevention module for preventing execution of the downloadable by a third computer when said comparator determines that the downloadable violates the security policy.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The system of claim 21, wherein said receiver receives the incoming downloadable from the second computer.
  - 23. The system of claim 21, wherein said receiver receives the incoming downloadable from a computer other than the second computer.
  - 24. The system of claim 21, wherein the third computer is the same computer as the first computer.
  - 25. The system of claim 21, wherein the third computer is a computer other than the first computer.
  - 26. The system of claim 21, wherein said third computer is a mobile computing device.
  - 27. The system of claim 21, wherein said third computer is an intrusion detection/prevention device.
  - 28. The system of claim 21, wherein said third computer is a desktop computer.
  - 29. The system of claim 21, wherein said third computer is a network switch.
  - 30. The system of claim 21, wherein said third computer is a network firewall.
  - 31. The system of claim 21, wherein the security profile was attached to content of the downloadable, and wherein said profile extractor extracts the security profile from the downloadable content.
  - 32. The system of claim 21, wherein the security profile was attached to a transport protocol for the downloadable, and wherein said profile extractor extracts the security profile from the transport protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Holdings, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
Finjan, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Inventors
Edery, Yigal Mordechai, Vered, Nimrod Itzhak, Kroll, David R., Touboul, Shlomo
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US14/155,835
Publication Number

US 20140143827A1
Time in Patent Office

972 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 2221/033   Test or assess software

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Malicious mobile code runtime monitoring system and methods

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Malicious mobile code runtime monitoring system and methods

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links