ANALYSIS OF SCRIPTS

US 20120260338A1
Filed: 06/20/2012
Published: 10/11/2012
Est. Priority Date: 10/02/2009
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing a script to determine whether the script includes malicious content, the method comprising:

a computer executing a plurality of text blocks of code derived from a script of a web page, the execution of a text block of the plurality of text blocks generating an additional text block of code;

the computer determining whether the additional text block includes new code that is malicious;

if so, the computer preventing transmission of the web page to a client computer;

if not, the computer transmitting the web page to the client computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for analyzing scripts. A script is analyzed to determine whether the script includes malicious content. A computer executes at least two text blocks of code derived from a script of a web page. The execution of a text block of the at least two text blocks generates an additional text block of code. The computer determines whether the additional text block includes new code that is malicious. If so, the computer prevents transmission of the web page to a client computer. If not, the computer transmits the web page to the client computer.

14 Citations

View as Search Results

20 Claims

1. A method for analyzing a script to determine whether the script includes malicious content, the method comprising:
- a computer executing a plurality of text blocks of code derived from a script of a web page, the execution of a text block of the plurality of text blocks generating an additional text block of code;
  
  the computer determining whether the additional text block includes new code that is malicious;
  
  if so, the computer preventing transmission of the web page to a client computer;
  
  if not, the computer transmitting the web page to the client computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the method comprising:
    - before the determining, the computer executing the new text block and copying to an output file in a data storage area the new text block and each text block the plurality of text blocks.
  - 3. The method of claim 2, the determining comprising:
    - analyzing the new text block on the output file and at least one text block of the plurality of text blocks on the output file to ascertain (i) that the additional text block comprises new text that is not directly inferred from text appearing in the script and (ii) whether the new text includes the new code that is malicious.
  - 4. The method of claim 3, wherein the at least one text block comprises text that is directly inferred from text appearing in the script.
  - 5. The method of claim 1, wherein the computer determines that the additional text block includes new code that is malicious by determining that the new code includes programming to download an executable file from a location outside the computer and initiate execution of the executable file.
  - 6. The method of claim 1, wherein the script is a text block of the plurality of text blocks that is executed before any other text box of the plurality of text boxes is executed.
  - 7. The method of claim 1, the method comprising:
    - the computer determining a web page transmission indicator whose value indicates whether the web page will be transmitted to the client computer.

8. A computer program product for analyzing a script to determine whether the script includes malicious content, the computer program product comprising:
- a computer readable tangible storage device;
  
  first program instructions to execute a plurality of text blocks of code derived from a script of a web page, the execution of a text block of the text blocks generating an additional text block of code;
  
  second program instructions to determine whether the additional text block includes new code that is malicious;
  
  third program instructions to, if it is determined that the additional text block includes the new code that is malicious, prevent transmission of the web page to a client computer;
  
  fourth program instructions to, if it is determined that the additional text block does not includes the new code that is malicious, prevent transmission of the web page to the client computer,wherein the first program instructions, the second program instructions, the third program instructions, and the fourth program instructions are stored on the computer readable tangible storage device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, the computer program product comprising:
    - fifth program instructions to, before it is determined whether the additional text block includes the new code that is malicious, execute the new text block and copy to an output file in a data storage area the new text block and each text block the plurality of text blocks,wherein the fifth program instructions are stored on the computer readable tangible storage device.
  - 10. The computer program product of claim 9, wherein to determine comprises:
    - to analyze the new text block on the output file and at least one text block of the plurality of text blocks on the output file to ascertain (i) that the additional text block comprises new text that is not directly inferred from text appearing in the script and (ii) whether the new text includes the new code that is malicious.
  - 11. The computer program product of claim 10, wherein the at least one text block comprises text that is directly inferred from text appearing in the script.
  - 12. The computer program product of claim 8, wherein the second program instructions determine that the additional text block includes new code that is malicious by determining that the new code includes programming to download an executable file from a location outside the computer and initiate execution of the executable file.
  - 13. The computer program product of claim 8, wherein the script is a text block of the plurality of text blocks that is executed before any other text box of the plurality of text boxes is executed.
  - 14. The computer program product of claim 8, the computer program product comprising:
    - fifth program instructions to determine a web page transmission indicator whose value indicates whether the web page will be transmitted to the client computer,wherein the fifth program instructions are stored on the computer readable tangible storage device.

15. A computer system for analyzing a script to determine whether the script includes malicious content, the computer system comprising:
- a processor;
  
  a computer readable memory;
  
  a computer readable tangible storage device;
  
  first program instructions to execute a plurality of text blocks of code derived from a script of a web page, the execution of a text block of the text blocks generating an additional text block of code;
  
  second program instructions to determine whether the additional text block includes new code that is malicious;
  
  third program instructions to, if it is determined that the additional text block includes the new code that is malicious, prevent transmission of the web page to a client computer;
  
  fourth program instructions to, if it is determined that the additional text block does not includes the new code that is malicious, prevent transmission of the web page to the client computer,wherein the first program instructions, the second program instructions, the third program instructions, and the fourth program instructions are stored on the computer readable tangible storage device for execution by the processor via the computer readable memory.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, the computer system comprising:
    - fifth program instructions to, before it is determined whether the additional text block includes the new code that is malicious, execute the new text block and copy to an output file in a data storage area the new text block and each text block the plurality of text blocks,wherein the fifth program instructions are stored on the computer readable tangible storage device via the computer readable memory.
  - 17. The computer system of claim 16, wherein to determine comprises:
    - to analyze the new text block on the output file and at least one text block of the plurality of text blocks on the output file to ascertain (i) that the additional text block comprises new text that is not directly inferred from text appearing in the script and (ii) whether the new text includes the new code that is malicious.
  - 18. The computer system of claim 17, wherein the at least one text block comprises text that is directly inferred from text appearing in the script.
  - 19. The computer system of claim 15, wherein the second program instructions determine that the additional text block includes new code that is malicious by determining that the new code includes programming to download an executable file from a location outside the computer and initiate execution of the executable file.
  - 20. The computer system of claim 15, wherein the script is a text block of the plurality of text blocks that is executed before any other text box of the plurality of text boxes is executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Freeman, Robert George

Granted Patent

US 9,319,428 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

ANALYSIS OF SCRIPTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ANALYSIS OF SCRIPTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links