SYSTEM AND METHOD FOR BELOW-OPERATING SYSTEM MODIFICATION OF MALICIOUS CODE ON AN ELECTRONIC DEVICE

US 20120255013A1
Filed: 03/29/2011
Published: 10/04/2012
Est. Priority Date: 03/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method for securing an electronic device, comprising:

detecting, at a level below all of the operating systems of the electronic device accessing a memory or a storage of the electronic device, presence of malicious code; and

in response to detecting the presence of malicious code, modifying, at a level below all of the operating systems of the electronic device accessing the memory or the storage of the electronic device, the malicious code.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing an electronic device, may include a memory, a processor, one or more operating systems residing in the memory for execution by the processor; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory. The security agent may be further configured to detect presence of malicious code, and in response to detecting presence of the malicious code, modify the malicious code.

49 Citations

View as Search Results

21 Claims

1. A method for securing an electronic device, comprising:
- detecting, at a level below all of the operating systems of the electronic device accessing a memory or a storage of the electronic device, presence of malicious code; and
  
  in response to detecting the presence of malicious code, modifying, at a level below all of the operating systems of the electronic device accessing the memory or the storage of the electronic device, the malicious code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein modifying the malicious code comprises modifying the malicious code as embodied in a memory of the electronic device.
  - 3. The method of claim 2, wherein modifying the malicious code as embodied in the memory of the electronic device comprises at least one of:
    - modifying the malicious code such that an entity including the malicious code self-terminates; and
      
      modifying the malicious code such that the modified code transfers execution to trusted code configured to neutralize the malicious code.
  - 4. The method of claim 1, wherein modifying the malicious code includes modifying the malicious code as embodied in storage of the electronic device.
  - 5. The method of claim 4, wherein modifying the malicious code as embodied in storage of the electronic device comprises:
    - referencing collected information regarding a relationship of content stored in the memory to corresponding content stored in the storage; and
      
      modifying content in a location of storage corresponding to a location of the memory having the malicious code.
  - 6. The method of claim 1, wherein modifying the malicious code includes modifying the malicious code'"'"'s access to the memory or other resources of the electronic device to deny the malicious code any access to the memory or other resources of the electronic device.
  - 7. The method of claim 1, further comprising identifying other portions of memory potentially having malicious code based on the physical memory address of the detected malicious code.

8. A system for securing an electronic device, comprising:
- a memory;
  
  a processor;
  
  one or more operating systems residing in the memory for execution by the processor;
  
  a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory, and further configured to;
  
  detect presence of malicious code; and
  
  in response to detecting presence of the malicious code, modify the malicious code.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein modifying the malicious code comprises modifying the malicious code as embodied in the memory.
  - 10. The system of claim 9, wherein modifying the malicious code as embodied in the memory comprises at least one of:
    - modifying the malicious code such that an entity including the malicious code self-terminates; and
      
      modifying the malicious code such that the modified code transfers execution to trusted code configured to neutralize the malicious code.
  - 11. The system of claim 8, wherein modifying the malicious code includes modifying the malicious code as embodied in storage of the electronic device.
  - 12. The system of claim 11, wherein modifying the malicious code as embodied in storage of the electronic device comprises:
    - referencing collected information regarding a relationship of content stored in the memory to corresponding content stored in the storage; and
      
      modifying content in a location of storage corresponding to a location of the memory having the malicious code.
  - 13. The system of claim 8, wherein modifying the malicious code includes modifying the malicious code'"'"'s access to the memory or other resources of the electronic device to deny the malicious code any access to the memory or other resources of the electronic device.
  - 14. The system of claim 8, the security agent further configured to identify other portions of the memory potentially having malicious code based on the physical memory address of the detected malicious code.

15. An article of manufacture, comprising:
- a computer readable medium;
  
  computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to, at a level below all of the operating systems of an electronic device accessing a memory or storage of the electronic device;
  
  detect presence of malicious code in the memory or storage of electronic device; and
  
  in response to detecting presence of the malicious code, modifying the malicious code.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The article of claim 15, wherein modifying the malicious code comprises modifying the malicious code as embodied in a memory of the electronic device.
  - 17. The article of claim 16, wherein modifying the malicious code as embodied in the memory of the electronic device comprises at least one of:
    - modifying the malicious code such that an entity including the malicious code self-terminates; and
      
      modifying the malicious code such that the modified code transfers execution to trusted code configured to neutralize the malicious code.
  - 18. The article of claim 15, wherein modifying the malicious code includes modifying the malicious code as embodied in storage of the electronic device.
  - 19. The article of claim 18, wherein modifying the malicious code as embodied in storage of the electronic device comprises:
    - referencing collected information regarding a relationship of content stored in the memory to corresponding content stored in the storage; and
      
      modifying content in a location of storage corresponding to a location of the memory having the malicious code.
  - 20. The article of claim 15, wherein modifying the malicious code includes modifying the malicious code'"'"'s access to the memory or other resources of the electronic device to deny the malicious code any access to the memory or other resources of the electronic device.
  - 21. The system of claim 15, wherein the processor is further caused to identify other portions of the memory potentially having malicious code based on the physical memory address of the detected malicious code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sallam, Ahmed Said

Granted Patent

US 8,925,089 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/564   by virus signature recognition

G06F 21/568   eliminating virus, restorin...

SYSTEM AND METHOD FOR BELOW-OPERATING SYSTEM MODIFICATION OF MALICIOUS CODE ON AN ELECTRONIC DEVICE

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR BELOW-OPERATING SYSTEM MODIFICATION OF MALICIOUS CODE ON AN ELECTRONIC DEVICE

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links