CONFIRMING A MALWARE INFECTION ON A CLIENT DEVICE USING A REMOTE ACCESS CONNECTION TOOL, TO IDENTIFY A MALICIOUS FILE BASED ON FUZZ HASHES
Abstract
A device may receive a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file. The device may generate file identification information associated with the malicious file based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file. The device may obtain remote access to the one or more client devices using a connection tool based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file. The device may obtain information, associated with the one or more client devices, using the remote access. The device may provide information indicating whether the one or more client devices are infected by the malicious file based on the file identification information and the information associated with the one or more client devices.
12 Citations
36 Claims
1-20. (canceled)

21. A device, comprising:
one or more processors to:
receive a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file;
determine file identification information associated with the malicious file based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file, the file identification information including a first set of hashes associated with execution results of the malicious file;
obtain information, associated with the one or more client devices and based on receiving the trigger, to determine whether the one or more client devices are infected by the malicious file, the information including one or more second sets of hashes associated with each of the one or more client devices, respectively;
generate a plurality of similarity scores, each of the plurality of similarity scores indicating a measure of similarity between the first set of hashes and each of the one or more second sets of hashes;
determine, based on the plurality of similarity scores, that at least one of the one or more client devices is infected by the malicious file; and
provide information indicating that the at least one of the one or more client devices is infected by the malicious file.
Dependent claims: 22, 23, 24, 25, 26, 27.
28. A computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file;
determine file identification information associated with the malicious file based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file, the file identification information including a first set of hashes associated with execution results of the malicious file;
obtain information, associated with the one or more client devices and based on receiving the trigger, to determine whether the one or more client devices are infected by the malicious file, the information including one or more second sets of hashes associated with each of the one or more client devices, respectively;
generate a plurality of similarity scores, each of the plurality of similarity scores indicating a measure of similarity between the first set of hashes and each of the one or more second sets of hashes;
determine, based on the plurality of similarity scores, that at least one of the one or more client devices is infected by the malicious file; and
provide information indicating that the at least one of the one or more client devices is infected by the malicious file.
Dependent claims: 29, 30, 31, 32, 33, 34.
35. A method, comprising:
receiving, by a device, a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file;
determining, by the device, file identification information associated with the malicious file based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file, the file identification information including a first set of hashes associated with execution results of the malicious file;
obtaining, by the device, information, associated with the one or more client devices and based on receiving the trigger, to determine whether the one or more client devices are infected by the malicious file, the information including one or more second sets of hashes associated with each of the one or more client devices, respectively;
generating, by the device, a plurality of similarity scores, each of the plurality of similarity scores indicating a measure of similarity between the first set of hashes and each of the one or more second sets of hashes;
determining, by the device and based on the plurality of similarity scores, that at least one of the one or more client devices is infected by the malicious file; and
providing, by the device, information indicating that the at least one of the one or more client devices is infected by the malicious file.
Dependent claims: 36.
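The comparison the independent claims describe, as an added example that is not part of the patent: a first set of hashes for the malicious file is scored against a second set of hashes per client device, and a client is reported infected when a score meets a threshold. The patent does not specify the fuzzy-hash algorithm, so a simplified context-triggered piecewise hash (ssdeep-like) stands in for it; the scheme, the threshold of 70, the client names and the sample files are all assumptions.

```python
from difflib import SequenceMatcher
from random import Random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def fuzzy_hash(data: bytes, block_size: int = 8) -> str:
    """Simplified context-triggered piecewise hash (an assumed, ssdeep-like scheme).
    The last 7 bytes decide where a piece ends, so a local edit disturbs only
    nearby pieces; each piece yields one character from an FNV-1a hash of it."""
    signature, piece_hash, window = [], 0x811C9DC5, b""
    for byte in data:
        piece_hash = ((piece_hash ^ byte) * 0x01000193) & 0xFFFFFFFF
        window = (window + bytes([byte]))[-7:]
        if sum(window) % block_size == block_size - 1:  # context trigger
            signature.append(ALPHABET[piece_hash % 64])
            piece_hash = 0x811C9DC5
    signature.append(ALPHABET[piece_hash % 64])  # trailing partial piece
    return f"{block_size}:{''.join(signature)}"

def similarity(hash_a: str, hash_b: str) -> int:
    """Score 0-100; hashes built with different block sizes are not comparable."""
    block_a, sig_a = hash_a.split(":", 1)
    block_b, sig_b = hash_b.split(":", 1)
    if block_a != block_b:
        return 0
    return round(100 * SequenceMatcher(None, sig_a, sig_b, autojunk=False).ratio())

def infected_clients(malicious_hashes, client_hashes, threshold=70):
    """One score per client: the best match between the malicious file's hash set
    and that client's hash set; the client is flagged when it meets the threshold."""
    verdicts = {}
    for client, hashes in client_hashes.items():
        score = max((similarity(m, h) for m in malicious_hashes for h in hashes), default=0)
        verdicts[client] = (score, score >= threshold)
    return verdicts

# Constructed sample data: a pseudo-random "malicious" file, a variant with
# three bytes patched, and an unrelated file of the same size.
_rng = Random(7)
MALICIOUS = bytes(_rng.getrandbits(8) for _ in range(2000))
VARIANT = bytearray(MALICIOUS)
for _pos in (100, 900, 1500):
    VARIANT[_pos] ^= 0xFF
UNRELATED = bytes(_rng.getrandbits(8) for _ in range(2000))

MALICIOUS_HASHES = [fuzzy_hash(MALICIOUS)]                 # first set of hashes
CLIENT_HASHES = {                                           # second sets, one per client
    "client-A": [fuzzy_hash(UNRELATED), fuzzy_hash(bytes(VARIANT))],
    "client-B": [fuzzy_hash(UNRELATED)],
}
```

Running `infected_clients(MALICIOUS_HASHES, CLIENT_HASHES)` flags client-A (it holds a near-copy of the malicious file) and clears client-B; a real deployment would collect the client hash sets over the remote access connection the abstract describes rather than construct them inline.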
Specification