Malware detection and identification via malware spoofing
First Claim
1. A method comprising:
placing on a system a component extracted from a malware infection, without thereby infecting the system, in that the placed component does not behave maliciously in isolation from at least one other component of the malware infection which is not on the system;
using a utility to obtain a listing which, in the absence of filtering by malware, would list the placed malware component; and
checking the listing to determine whether the placed malware component is listed therein.
Abstract
A malware spoof component may be a formed component which has some but not all characteristics of an actual malware file or other component. Alternately, a spoof component may be an isolated component extracted from actual malware. Malware spoof components may be placed on a target system, after which a listing is obtained and checked. If the placed spoof component does not appear in the listing, then the spoof component may have been filtered out by malware infecting the system, thereby revealing the malware's presence.
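The place, list and check loop from the abstract, as an added Python example that is not taken from the patent. The file names, the `hxdemo_` prefix and the `simulated_filtering_lister` helper are constructed for illustration; the helper stands in for a listing utility whose output is filtered by malware, and a randomly named control file is placed alongside each spoof so a broken listing is not mistaken for filtering.

```python
import os
import secrets
import tempfile

def check_spoofs(directory, spoof_names, lister=os.listdir):
    """Place each spoof, obtain a listing, and report whether it was listed."""
    results = {}
    for name in spoof_names:
        path = os.path.join(directory, name)
        control = os.path.join(directory, "ctl_" + secrets.token_hex(8))
        try:
            # Formed spoof: only the file name imitates malware; the content
            # is inert random bytes. Mode "x" never overwrites a real file.
            with open(path, "xb") as fh:
                fh.write(secrets.token_bytes(32))
        except FileExistsError:
            results[name] = "skipped"  # name already in use; leave it alone
            continue
        try:
            with open(control, "xb") as fh:
                fh.write(b"control")
            listing = set(lister(directory))
            if os.path.basename(control) not in listing:
                # The listing is unreliable for reasons unrelated to the spoof.
                results[name] = "inconclusive"
            elif name in listing:
                results[name] = "listed"
            else:
                results[name] = "filtered"  # placed but hidden from the listing
        finally:
            for p in (path, control):
                if os.path.exists(p):
                    os.remove(p)
    return results

def simulated_filtering_lister(prefix):
    """Constructed stand-in for a listing that hides names starting with prefix."""
    return lambda d: [n for n in os.listdir(d) if not n.startswith(prefix)]

def demo():
    with tempfile.TemporaryDirectory() as d:
        names = ["hxdemo_driver.sys", "readme_copy.txt"]  # constructed names
        clean = check_spoofs(d, names)
        hooked = check_spoofs(d, names, simulated_filtering_lister("hxdemo_"))
        leftover = os.listdir(d)
    return clean, hooked, leftover

if __name__ == "__main__":
    print(demo())
```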
15 Claims
5. A non-transitory computer-readable storage medium configured with data and instructions for performing the following method:
(a) automatically placing on a system a malware spoof component, without thereby infecting the system with malware that is spoofed by that malware spoof component;
(b) automatically using a utility to obtain a listing which, in the absence of filtering by malware, would list that placed malware spoof component;
(c) automatically checking the listing to determine whether that placed malware spoof component is listed therein; and
(d) automatically repeating steps (a) through (c) with at least one other malware spoof component, whereby the method automatically checks the system for malware using a plurality of malware spoof components.
10. A system, comprising:
a processor in operable connection with a memory;
the processor configured by data and instructions to perform the following:
automatically place on a target system a plurality of malware spoof components, without thereby infecting the target system with malware that is spoofed by the malware spoof components;
automatically use a utility to obtain at least one listing which, in the absence of filtering by malware, would list the placed malware spoof components; and
automatically check the listing(s) to determine whether the placed malware spoof components are listed therein;
whereby the target system is automatically checked for malware.
Specification