WO2005076101A3 - System and method for securing computers against computer virus - Google Patents

System and method for securing computers against computer virus

Info

Publication number
WO2005076101A3
Authority
WO
WIPO (PCT)
Prior art keywords
virus
computer virus
against computer
computers against
securing computers
Prior art date
Application number
PCT/JP2005/001979
Other languages
French (fr)
Other versions
WO2005076101A2 (en)
Inventor
Los Santos Aldous C De
Richard T Fernandez
Rodelio G Finones
Original Assignee
Trend Micro Inc
Los Santos Aldous C De
Richard T Fernandez
Rodelio G Finones
Priority date
Filing date
Publication date
Application filed by Trend Micro Inc, Los Santos Aldous C De, Richard T Fernandez, Rodelio G Finones
Publication of WO2005076101A2
Publication of WO2005076101A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition

Abstract

In one embodiment, an antivirus mechanism builds an automaton (206) of a virus using a pattern and a set of rules. The antivirus mechanism may then scan a binary file (602) to detect an engine of the virus by matching the automaton with a plurality of disassembly codes (212) derived from the binary file. The pattern may comprise a data structure including a name of a particular virus, and information for detecting the virus using the disassembly codes.

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US54233404P 2004-02-06 2004-02-06
US60/542,334 2004-02-06
US10/899,380 2004-07-26
US10/899,380 US7370361B2 (en) 2004-02-06 2004-07-26 System and method for securing computers against computer virus

Publications (2)

Publication Number Publication Date
WO2005076101A2 (en) 2005-08-18
WO2005076101A3 (en) 2006-01-12

Family

ID=34830534

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/001979 WO2005076101A2 (en) 2004-02-06 2005-02-03 System and method for securing computers against computer virus

Country Status (2)

Country Link
US (1) US7370361B2 (en)
WO (1) WO2005076101A2 (en)

Families Citing this family (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7089591B1 (en) 1999-07-30 2006-08-08 Symantec Corporation Generic detection and elimination of marco viruses
WO2002093334A2 (en) * 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US7155742B1 (en) 2002-05-16 2006-12-26 Symantec Corporation Countering infections to communications modules
US7418729B2 (en) * 2002-07-19 2008-08-26 Symantec Corporation Heuristic detection of malicious computer code by page tracking
US7380277B2 (en) 2002-07-22 2008-05-27 Symantec Corporation Preventing e-mail propagation of malicious computer code
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7469419B2 (en) * 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7159149B2 (en) * 2002-10-24 2007-01-02 Symantec Corporation Heuristic detection and termination of fast spreading network worm attacks
US7249187B2 (en) * 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US7631353B2 (en) * 2002-12-17 2009-12-08 Symantec Corporation Blocking replication of e-mail worms
US7296293B2 (en) * 2002-12-31 2007-11-13 Symantec Corporation Using a benevolent worm to assess and correct computer security vulnerabilities
US8271774B1 (en) 2003-08-11 2012-09-18 Symantec Corporation Circumstantial blocking of incoming network traffic containing code
US7526804B2 (en) * 2004-02-02 2009-04-28 Microsoft Corporation Hardware assist for pattern matches
US7337327B1 (en) 2004-03-30 2008-02-26 Symantec Corporation Using mobility tokens to observe malicious mobile code
US7370233B1 (en) 2004-05-21 2008-05-06 Symantec Corporation Verification of desired end-state using a virtual machine environment
US7441042B1 (en) 2004-08-25 2008-10-21 Symantec Corporation System and method for correlating network traffic and corresponding file input/output traffic
US7690034B1 (en) 2004-09-10 2010-03-30 Symantec Corporation Using behavior blocking mobility tokens to facilitate distributed worm detection
US7810158B2 (en) * 2004-12-16 2010-10-05 At&T Intellectual Property I, L.P. Methods and systems for deceptively trapping electronic worms
US8104086B1 (en) 2005-03-03 2012-01-24 Symantec Corporation Heuristically detecting spyware/adware registry activity
TW200634514A (en) * 2005-03-24 2006-10-01 Farstone Tech Inc Security detection system and methods regarding the same
US20080134326A2 (en) * 2005-09-13 2008-06-05 Cloudmark, Inc. Signature for Executable Code
US20070094734A1 (en) * 2005-09-29 2007-04-26 Mangione-Smith William H Malware mutation detector
US7707635B1 (en) * 2005-10-06 2010-04-27 Trend Micro Incorporated Script-based pattern for detecting computer viruses
US7877801B2 (en) * 2006-05-26 2011-01-25 Symantec Corporation Method and system to detect malicious software
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US8201244B2 (en) * 2006-09-19 2012-06-12 Microsoft Corporation Automated malware signature generation
US7854002B2 (en) * 2007-04-30 2010-12-14 Microsoft Corporation Pattern matching for spyware detection
US8869109B2 (en) * 2008-03-17 2014-10-21 Microsoft Corporation Disassembling an executable binary
US8549624B2 (en) * 2008-04-14 2013-10-01 Mcafee, Inc. Probabilistic shellcode detection
US8442931B2 (en) 2008-12-01 2013-05-14 The Boeing Company Graph-based data search
US7603713B1 (en) * 2009-03-30 2009-10-13 Kaspersky Lab, Zao Method for accelerating hardware emulator used for malware detection and analysis
US8621626B2 (en) * 2009-05-01 2013-12-31 Mcafee, Inc. Detection of code execution exploits
US9087195B2 (en) * 2009-07-10 2015-07-21 Kaspersky Lab Zao Systems and methods for detecting obfuscated malware
US8640245B2 (en) 2010-12-24 2014-01-28 Kaspersky Lab, Zao Optimization of anti-malware processing by automated correction of detection rules
US8990259B2 (en) 2011-06-24 2015-03-24 Cavium, Inc. Anchored patterns
US9858051B2 (en) * 2011-06-24 2018-01-02 Cavium, Inc. Regex compiler
WO2013020003A1 (en) 2011-08-02 2013-02-07 Cavium, Inc. Packet classification by an optimised decision tree
US8533836B2 (en) * 2012-01-13 2013-09-10 Accessdata Group, Llc Identifying software execution behavior
RU2514142C1 (en) 2012-12-25 2014-04-27 Закрытое акционерное общество "Лаборатория Касперского" Method for enhancement of operational efficiency of hardware acceleration of application emulation
EP2954453B1 (en) * 2013-02-10 2017-08-23 PayPal, Inc. Method and product for providing a predictive security product and evaluating existing security products
US9275336B2 (en) 2013-12-31 2016-03-01 Cavium, Inc. Method and system for skipping over group(s) of rules based on skip group rule
US9544402B2 (en) 2013-12-31 2017-01-10 Cavium, Inc. Multi-rule approach to encoding a group of rules
US9667446B2 (en) 2014-01-08 2017-05-30 Cavium, Inc. Condition code approach for comparing rule and packet data that are provided in portions
US10505960B2 (en) 2016-06-06 2019-12-10 Samsung Electronics Co., Ltd. Malware detection by exploiting malware re-composition variations using feature evolutions and confusions
US9996328B1 (en) * 2017-06-22 2018-06-12 Archeo Futurus, Inc. Compiling and optimizing a computer code by minimizing a number of states in a finite machine corresponding to the computer code
US10481881B2 (en) * 2017-06-22 2019-11-19 Archeo Futurus, Inc. Mapping a computer code to wires and gates
US10713359B2 (en) * 2017-09-29 2020-07-14 AO Kaspersky Lab System and method of identifying a malicious intermediate language file
US20230059796A1 (en) * 2021-08-05 2023-02-23 Cloud Linux Software Inc. Systems and methods for robust malware signature detection in databases

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001069356A2 (en) * 2000-03-14 2001-09-20 Symantec Corporation Histogram-based virus detection
US20020073330A1 (en) * 2000-07-14 2002-06-13 Computer Associates Think, Inc. Detection of polymorphic script language viruses by data driven lexical analysis
US20030033536A1 (en) * 2001-08-01 2003-02-13 Pak Michael C. Virus scanning on thin client devices using programmable assembly language

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2501771B2 (en) * 1993-01-19 1996-05-29 International Business Machines Corporation Method and apparatus for obtaining multiple valid signatures of an unwanted software entity
US5675711A (en) * 1994-05-13 1997-10-07 International Business Machines Corporation Adaptive statistical regression and classification of data strings, with application to the generic detection of computer viruses
US5442699A (en) * 1994-11-21 1995-08-15 International Business Machines Corporation Searching for patterns in encrypted data
US6279128B1 (en) * 1994-12-29 2001-08-21 International Business Machines Corporation Autonomous system for recognition of patterns formed by stored data during computer memory scrubbing
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
US6192512B1 (en) * 1998-09-24 2001-02-20 International Business Machines Corporation Interpreter with virtualized interface
US6711583B2 (en) * 1998-09-30 2004-03-23 International Business Machines Corporation System and method for detecting and repairing document-infecting viruses using dynamic heuristics
US6622134B1 (en) * 1999-01-05 2003-09-16 International Business Machines Corporation Method of constructing data classifiers and classifiers constructed according to the method
GB2350449A (en) * 1999-05-27 2000-11-29 Ibm Detecting replication of a computer virus using a counter virus
US6851057B1 (en) * 1999-11-30 2005-02-01 Symantec Corporation Data driven detection of viruses
US6789200B1 (en) * 2000-05-18 2004-09-07 International Business Machines Corporation Method of automatically instituting secure, safe libraries and functions when exposing a system to potential system attacks
US7089589B2 (en) 2001-04-10 2006-08-08 Lenovo (Singapore) Pte. Ltd. Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait
US7203959B2 (en) * 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001069356A2 (en) * 2000-03-14 2001-09-20 Symantec Corporation Histogram-based virus detection
US20020073330A1 (en) * 2000-07-14 2002-06-13 Computer Associates Think, Inc. Detection of polymorphic script language viruses by data driven lexical analysis
US20030033536A1 (en) * 2001-08-01 2003-02-13 Pak Michael C. Virus scanning on thin client devices using programmable assembly language

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
AHO A V ET AL: "COMPILERS: PRINCIPLES, TECHNIQUES, AND TOOLS", READING, ADDISON-WESLEY PUBLISHING CO, US, 1986, XP002940830 *
CHRISTODORESCU M; JHA S: "Static Analysis of Executables to Detect Malicious Patterns", PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, 4 August 2003 (2003-08-04), pages 169 - 186, XP002333005, Retrieved from the Internet <URL:http://www.usenix.org/events/sec03/tech/full_papers/christodorescu/christodorescu.pdf> [retrieved on 20050621] *
SZÖR P; FERRIE P: "Hunting For Metamorphic", VIRUS BULLETIN CONFERENCE 2001, September 2001 (2001-09-01), pages 123 - 144, XP002333352, Retrieved from the Internet <URL:http://www.peterszor.com/metamorp.pdf> [retrieved on 20050623] *

Also Published As

Publication number Publication date
WO2005076101A2 (en) 2005-08-18
US7370361B2 (en) 2008-05-06
US20050177736A1 (en) 2005-08-11

Similar Documents

Publication Publication Date Title
WO2005076101A3 (en) System and method for securing computers against computer virus
Stolfo et al. Towards stealthy malware detection
US7873947B1 (en) Phylogeny generation
US9990583B2 (en) Match engine for detection of multi-pattern rules
US20150186649A1 (en) Function Fingerprinting
CN109829306B (en) Malicious software classification method for optimizing feature extraction
EP2513836B1 (en) Obfuscated malware detection
US20160094564A1 (en) Taxonomic malware detection and mitigation
CN105956180B (en) A sensitive-word filtering method
US20080047012A1 (en) Network intrusion detector with combined protocol analyses, normalization and matching
WO2005124627A3 (en) Automated transaction processing system and approach
EP1655682A3 (en) System and Method of Aggregating the Knowledge Base of Antivirus Software Applications
CN100535916C (en) Scanning system for virus and method therefor
CN101753570A (en) Methods and systems for detecting malware
WO2007117635A3 (en) Malware modeling detection system and method for mobile platforms
CN102307189B (en) Malicious code detection method and network equipment
CN101441687B (en) Method and apparatus for extracting virus characteristic of virus document
CN113821804B (en) Cross-architecture automatic detection method and system for third-party components and security risks thereof
Rafique et al. Malware classification using deep learning based feature extraction and wrapper based feature selection technique
EP1251421A3 (en) Digital signature verifying method and apparatus
CN113935033A (en) Feature-fused malicious code family classification method and device and storage medium
CN106910135A (en) User recommendation method and device
US9135442B1 (en) Methods and systems for detecting obfuscated executables
CN108989336A (en) An emergency response system and method for network security events
CN109583201A (en) System and method for identifying malicious intermediate language files

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW WIPO information: withdrawn in national office

Country of ref document: DE

122 EP: PCT application non-entry in European phase